Merge pull request #1608 from Permify/abac-dsl

docs:  upgrade guide from v1.0 to v1.1

docs/api-reference/apidocs.swagger.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Permify API",
     "description": "Permify is an open source authorization service for creating fine-grained and scalable authorization systems.",
-    "version": "v1.0.7",
+    "version": "v1.1.0",
     "contact": {
       "name": "API Support",
       "url": "https://github.com/Permify/permify/issues",

docs/api-reference/openapiv2/apidocs.swagger.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Permify API",
     "description": "Permify is an open source authorization service for creating fine-grained and scalable authorization systems.",
-    "version": "v1.0.7",
+    "version": "v1.1.0",
     "contact": {
       "name": "API Support",
       "url": "https://github.com/Permify/permify/issues",

docs/migration/v1.0-v1.1.mdx

@@ -0,0 +1,93 @@
+---
+title: Upgrade Guide from v1.0 to v1.1
+---
+
+This document will help you upgrade from antd v1.0 to antd v1.1.
+
+# DSL Context
+
+In version 1.0, when importing data from the context, it was accessed using `request.field_name` and injected into the rule as a parameter. In version 1.1, this has been updated to access it as `context.data.field_name` within the rule.
+
+## v1.0
+
+```perm
+entity user {}
+
+entity account {
+    relation owner @user
+    attribute balance double
+
+    permission withdraw = check_balance(request.amount, balance) and owner
+}
+
+rule check_balance(amount double, balance double) {
+    (balance >= amount) && (amount <= 5000)
+}
+```
+
+## v1.1
+
+```perm
+entity user {}
+
+entity account {
+    relation owner @user
+    attribute balance double
+
+    permission withdraw = check_balance(balance) and owner
+}
+
+rule check_balance(balance double) {
+    (balance >= context.data.amount) && (context.data.amount <= 5000)
+}
+```
+
+# Lookup Entity Scopes
+
+A new field called `scope`  has been added to the lookup entity and lookup entity stream APIs. Here’s an example of how the scope can be used:
+
+```json
+"scope": {
+    "repository": {
+        "data": ["r1", "r2"]
+    },
+    "organization": {
+        "data": ["o2"]
+    }
+}
+```
+
+You can use the scope for multiple entity types. This request allows you to query only certain organizations and repositories. Below is an example that includes the entire body of the request:
+
+```json
+{
+    "metadata": {
+        "snap_token": {{snap_token}},
+        "schema_version": {{schema_version}},
+        "depth": 100
+    },
+    "entity_type": "repository",
+    "permission": "edit",
+    "subject": {
+        "type": "user",
+        "id": "u1",
+        "relation": ""
+    },
+    "scope": {
+        "repository": {
+            "data": ["r1", "r2"]
+        },
+        "organization": {
+            "data": ["o2"]
+        }
+    },
+    "page_size": 20,
+    "continuous_token": ""
+}
+```
+
+By default, it will operate as it did in the previous version.
+
+# Page Size Limitations
+
+The maximum validation for the `page_size`  field in the lookup entity and lookup entity stream APIs was previously set to 100. This restriction has been removed, and there is now no limit on the page size.

docs/mint.json

@@ -26,7 +26,7 @@
   },
   "analytics": {
     "plausible": {
-        "domain": "docs.permify.co"
+      "domain": "docs.permify.co"
     }
   },
   "topbarCtaButton": {
@@ -209,8 +209,8 @@
   ],
   "tabs": [
     {
-        "name": "API References",
-        "url": "api-reference"
+      "name": "API References",
+      "url": "api-reference"
     }
   ],
   "anchors": [
@@ -334,6 +334,12 @@
         "use-cases/multi-tenancy"
       ]
     },
+    {
+      "group": "Migration",
+      "pages": [
+        "migration/v1.0-v1.1"
+      ]
+    },
     {
       "group": "API Documentation",
       "pages": [
@@ -367,7 +373,7 @@
         "api-reference/permission/lookup-entity",
         "api-reference/permission/lookup-entity-stream",
         "api-reference/permission/subject-permission"
-        ]
+      ]
     },
     {
       "group": "Tenancy Service",

docs/modeling-guides/abac/text-object-based-conditions.mdx

@@ -19,28 +19,30 @@ entity organization {
 
 	attribute location string[]
 
-	permission view = check_location(request.current_location, location) or admin
+	permission view = check_location(location) or admin
 }
 
 rule check_location(current_location string, location string[]) {
-	current_location in location
+	context.data.current_location in location
 }
 ```
 
-<Warning>If you don’t create the related attribute data, Permify accounts string as `""`</Warning>
-
 ### View Access On Weekends
 
 In this example, to be able to view the repository it must not be a weekend, and the user must be a member of the organization.
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
 entity organization {
 
     relation member @user
 
-    permission view = is_weekday(request.day_of_week) and member
+    attribute valid_weekdays string[]
+
+    permission view = is_weekday(valid_weekdays) and member
 }
 
 entity repository {
@@ -50,8 +52,8 @@ entity repository {
     permission view = organization.view
 }
 
-rule is_weekday(day_of_week string) {
-      day_of_week != 'saturday' && day_of_week != 'sunday'
+rule is_weekday(valid_weekdays string[]) {
+    context.data.day_of_week in valid_weekdays
 }
 ```
 
@@ -62,12 +64,12 @@ The permissions in this model state that to 'view' the repository, the user must
 - organization:1#member@user:1
 
 **Check Evolution Sub Queries Organization View**
-→ organization:1$is_weekday(context.day_of_week) → true
+→ organization:1$is_weekday(valid_weekdays) → true
 → organization:1#member@user:1 → true
 
 **Request keys before hash**
 
-- `check*{snapshot}*{schema*version}*{context}\_organization:1$is_weekday(context.day_of_week)` → true
+- `check*{snapshot}*{schema*version}*{context}\_organization:1$is_weekday(valid_weekdays)` → true
 - `check*{snapshot}*{schema*version}*{context}\_post:1#member@user:1` → true
 
 

docs/use-cases/abac.mdx

@@ -114,7 +114,6 @@ entity post {
 		permission view = is_public
 }
 ```
-<Warning>If you don’t create the related attribute data, Permify accounts boolean as `FALSE`</Warning>
 
 ### Text & Object Based Conditions
 
@@ -125,6 +124,8 @@ String can be used as attribute data type in a variety of scenarios where text-b
 - **Time Zone**: If access needs to be controlled based on time zones, a time zone attribute (e.g., "EST", "PST", "GMT") could be stored as a string.
 - **Day of the Week:** In a scenario where access to certain resources is determined by the day of the week, the string data type can be used to represent these days (e.g., "Monday", "Tuesday", etc.) as attributes!
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
@@ -142,9 +143,6 @@ rule check_location(location string[]) {
 }
 ```
 
-<Warning>If you don’t create the related attribute data, Permify accounts string as `""`</Warning>
-
-
 ### Numerical Conditions
 
 #### Integers
@@ -156,6 +154,8 @@ Integer can be used as attribute data type in several scenarios where numerical
 - **Resource Size or Length:** If access to resources is controlled based on their size or length (like a document's length or a file's size), these can be stored as integer attributes.
 - **Version Number:** If access control decisions need to consider the version number of a resource (like a software version or a document revision), these can be stored as integer attributes.
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity content {
     attribute min_age integer
@@ -167,7 +167,6 @@ rule check_age(min_age integer) {
 		context.data.age >= min_age
 }
 ```
-<Warning>If you don’t create the related attribute data, Permify accounts integer as `0`</Warning>
 
 #### Double - Precise numerical information
 
@@ -178,6 +177,8 @@ Double can be used as attribute data type in several scenarios where precise num
 - **User Rating:** If access control decisions need to consider a user's rating (like a rating out of 5 with decimal points, such as 4.7), these ratings can be stored as double attributes.
 - **Geolocation:** If access control decisions need to consider precise geographical coordinates (like latitude and longitude, which are often represented with decimal points), these coordinates can be stored as double attributes.
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
@@ -192,7 +193,6 @@ rule check_balance(balance double) {
 	(balance >= context.data.amount) && (context.data.amount <= 5000)
 }
 ```
-<Warning>If you don’t create the related attribute data, Permify accounts double as `0.0`</Warning>
 
 ## Example Use Cases
 
@@ -243,6 +243,8 @@ This means that the 'view' permission is granted if either the repository is pub
 
 In this example, to be able to view the repository it must not be a weekend, and the user must be a member of the organization.
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
@@ -289,6 +291,8 @@ This model represents a banking system with two entities: **`user`** and **`acco
 1. **`user`**: Represents a customer of the bank.
 2. **`account`**: Represents a bank account that has an **`owner`** (which is a **`user`**), and a **`balance`** (amount of money in the account).
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
@@ -390,6 +394,8 @@ rule check_budget(budget double) {
 
 **Model**
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```perm
 entity user {}
 
@@ -540,6 +546,8 @@ In the model, a **`delete`** permission rule is set. It calls the function **`is
 
 **Create Validation File**
 
+<Warning>This schema works correctly in versions above v1.1. If you are using an earlier version, please refer to the version differences [here](/migration/v1.0-v1.1).</Warning>
+
 ```yaml
 schema: >-
   entity user {}

internal/info.go

@@ -23,7 +23,7 @@ var Identifier = ""
 */
 const (
 	// Version is the last release of the Permify (e.g. v0.1.0)
-	Version = "v1.0.7"
+	Version = "v1.1.0"
 )
 
 // Function to create a single line of the ASCII art with centered content and color