# AI Studios - Publication Permission Check

POST /api/v1/aistudios/permission/
Content-Type: application/json

Validate a user's access to a publication (studio) and optionally switch their workspace cookie.

Request Body: {"url": "<publication-custom-url>"}.

Logic Flow:
1. Resolve publication via custom URL (404 if invalid).
2. Determine membership: owner OR co-creator OR explicit workspace member OR current request workspace match.
3. If publication visibility != PUBLIC:
   - 401 if user unauthenticated
   - 404 if authenticated but not a member.
4. If member, set/overwrite workspace cookie (wsid) to publication.workspace.id.
5. Always return a JSON {detail: <message>} with appropriate status code.

Cookie is only set when membership is confirmed and a workspace exists. Public visibility always returns 200 even for non-members (cookie unchanged).

Reference: https://docs.aisquare.studio/api-reference/ai-square-studio-api/aistudios/permission-create

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: AISquare Studio API
  version: 1.0.0
paths:
  /api/v1/aistudios/permission/:
    post:
      operationId: permission-create
      summary: AI Studios - Publication Permission Check
      description: >-
        Validate a user's access to a publication (studio) and optionally switch
        their workspace cookie.


        Request Body: {"url": "<publication-custom-url>"}.


        Logic Flow:

        1. Resolve publication via custom URL (404 if invalid).

        2. Determine membership: owner OR co-creator OR explicit workspace
        member OR current request workspace match.

        3. If publication visibility != PUBLIC:
           - 401 if user unauthenticated
           - 404 if authenticated but not a member.
        4. If member, set/overwrite workspace cookie (wsid) to
        publication.workspace.id.

        5. Always return a JSON {detail: <message>} with appropriate status
        code.


        Cookie is only set when membership is confirmed and a workspace exists.
        Public visibility always returns 200 even for non-members (cookie
        unchanged).
      tags:
        - subpackage_aistudios
      responses:
        '200':
          description: >-
            Access granted (public or authorized). Cookie updated only when user
            is a member.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/aistudios_permissionCreate_Response_200'
        '401':
          description: Authentication required for non-public publication
          content:
            application/json:
              schema:
                description: Any type
        '404':
          description: >-
            Publication not found or access denied (non-public and requester not
            a member)
          content:
            application/json:
              schema:
                description: Any type
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                url:
                  type: string
                  description: Publication custom URL to validate access for
              required:
                - url
components:
  schemas:
    aistudios_permissionCreate_Response_200:
      type: object
      properties: {}
      description: Empty response body
      title: aistudios_permissionCreate_Response_200

```

## SDK Code Examples

```python
import requests

url = "https://api.example.com/api/v1/aistudios/permission/"

payload = { "url": "ai-research-studio" }
headers = {"Content-Type": "application/json"}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript
const url = 'https://api.example.com/api/v1/aistudios/permission/';
const options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: '{"url":"ai-research-studio"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.example.com/api/v1/aistudios/permission/"

	payload := strings.NewReader("{\n  \"url\": \"ai-research-studio\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.example.com/api/v1/aistudios/permission/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Content-Type"] = 'application/json'
request.body = "{\n  \"url\": \"ai-research-studio\"\n}"

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.example.com/api/v1/aistudios/permission/")
  .header("Content-Type", "application/json")
  .body("{\n  \"url\": \"ai-research-studio\"\n}")
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.example.com/api/v1/aistudios/permission/', [
  'body' => '{
  "url": "ai-research-studio"
}',
  'headers' => [
    'Content-Type' => 'application/json',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://api.example.com/api/v1/aistudios/permission/");
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"url\": \"ai-research-studio\"\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let headers = ["Content-Type": "application/json"]
let parameters = ["url": "ai-research-studio"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.example.com/api/v1/aistudios/permission/")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```