Adds or updates a group type

POST /groups-srv/grouptypes

This API call adds or updates a group type.

Creating a new group type:

You must specify groupType (unique identifier), objectOwner (client or admin), and roleMode.
The groupType must be unique across all group types.
The roleMode determines how roles can be used in user groups of this type:
- allowed_roles: Only roles specified in allowedRoles array can be assigned
- any_roles: Any role can be assigned to user groups of this type
- no_roles: No roles can be assigned to user groups of this type
If roleMode is allowed_roles, you must provide the allowedRoles array with at least one role.

Updating an existing group type:

You can update description, roleMode, and allowedRoles.
The groupType and objectOwner fields are immutable after creation.
When changing roleMode from allowed_roles to another mode, ensure no user groups are using roles that would become invalid.

Validation Rules:

groupType: Required, must be unique, cannot be empty, case-sensitive
objectOwner: Required, must be either "client" or "admin", immutable after creation
roleMode: Required, must be one of: "allowed_roles", "any_roles", "no_roles"
allowedRoles: Required if roleMode is "allowed_roles", must be a non-empty array of valid role names
All roles in allowedRoles must exist in the system before they can be used

Business Rules:

Group Types Setup with objectOwner: admin are system-managed and cannot be created or modified via API.
Only group types with objectOwner: client can be created and managed through this API.
Once a group type is created, its groupType and objectOwner cannot be changed.
If a role is removed from allowedRoles and user groups are using that role, those assignments remain but new assignments will be rejected.

/groups-srv/grouptypes