Access rights description

[brunogirin]

Can you describe how access rights are handle in the API please? It appears that a primary user can register for an organisation and then invite other users to each of the survey responses. Do we have any way to know:

• What organisation a user is related to?
• Whether a user is the person who created a given survey?
• What surveys a user has been invited to?

[amichal]

There is no real over-aching concept of an "organization" in the system. Each response is for a specific entity ("company/fund" is the GRESB term) and it's name and manager properties show the fund/company and a parent company name.

The user who is identified by the oauth token you receive) will have edit rights (at least) to all of the responses you can see in the API. The will all only be visible for the current survey cycle (in this version o f the API) and are editable until the survey is submitted.

If that explanation makes any sense I'll look into getting a version of it into the API documentation

[EmilTemirov]

Each response is for a specific entity ("company/fund" is the GRESB term) and it's name and manager properties show the fund/company and a parent company name.

It's true for documentation (http://gresb.github.io/api-docs/#fields, company_fund_id read-only), but I get response without "company_fund_id" property:

{
    "object": "list",
    "has_more": false,
    "data": [
        {
            "country": null,
            "created_at": "2015-02-16T09:22:33Z",
            "id": 2541,
            "legal_status": null,
            "manager": null,
            "name": "test response",
            "property_type": null,
            "region": null,
            "submitted_at": null,
            "survey_date": "2015",
            "updated_at": "2015-02-16T09:22:33Z"
        }
    ]
}