From 0e6c364a6b0b8aa8275c5eee7bfb25249ecbf420 Mon Sep 17 00:00:00 2001 From: gideonsmila Date: Sun, 22 Dec 2024 12:15:26 +0200 Subject: [PATCH 1/3] Update getuserpermission section - add new fucntino getUserPermissionsFromOPA --- .../enforce-permissions/user-permissions.mdx | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/docs/how-to/enforce-permissions/user-permissions.mdx b/docs/how-to/enforce-permissions/user-permissions.mdx index dea38f6c..5a5cbbd9 100644 --- a/docs/how-to/enforce-permissions/user-permissions.mdx +++ b/docs/how-to/enforce-permissions/user-permissions.mdx @@ -160,7 +160,40 @@ UserPermissions permissions = permit.getUserPermissions( ); ``` - +## Get user permissions directly from opa + +:::info Info +Not Support FactDB +::: + +```java +import io.permit.sdk.Permit; +import io.permit.sdk.PermitConfig; +import io.permit.sdk.enforcement.*; +import io.permit.sdk.util.Context; +import java.util.Arrays; + + +Permit permit = new Permit( + new PermitConfig.Builder("[YOUR_API_KEY]").build() +); + +Context context = new Context(); +context.put("enable_abac_user_permissions", new Boolean(true)); + +UserPermissions permissions = permit.getUserPermissionsFromOPA( + new GetUserPermissionsQuery( + User.fromString("john@doe.com"), // user key + null, // tenants filter is not required for ABAC + Arrays.asList("document", "__tenant"), // resource types is always required for ABAC, __tenants is required to not ignore RBAC-based permissions + null, // resources not required + context, + ) +); + +``` + + From 962ae134a494ee054c07f3e9df21cbf2c48b7bb2 Mon Sep 17 00:00:00 2001 From: gideons <101128327+gideonsmila@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:15:10 +0200 Subject: [PATCH 2/3] Update docs/how-to/enforce-permissions/user-permissions.mdx Co-authored-by: omer9564 <42326891+omer9564@users.noreply.github.com> --- docs/how-to/enforce-permissions/user-permissions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/how-to/enforce-permissions/user-permissions.mdx b/docs/how-to/enforce-permissions/user-permissions.mdx index 5a5cbbd9..8ad045be 100644 --- a/docs/how-to/enforce-permissions/user-permissions.mdx +++ b/docs/how-to/enforce-permissions/user-permissions.mdx @@ -164,7 +164,7 @@ UserPermissions permissions = permit.getUserPermissions( ## Get user permissions directly from opa :::info Info -Not Support FactDB +This feature is not supported when using FactDB and should not be used with FactDB enabled on the PDP ::: ```java From 91c788d9a28b73d5b42645690607a12e8fca225e Mon Sep 17 00:00:00 2001 From: gideonsmila Date: Mon, 23 Dec 2024 10:25:23 +0200 Subject: [PATCH 3/3] Make example more simple + add info about why to use getUserPermissionsWithOPA --- .../enforce-permissions/user-permissions.mdx | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/how-to/enforce-permissions/user-permissions.mdx b/docs/how-to/enforce-permissions/user-permissions.mdx index 8ad045be..9cfe8bb8 100644 --- a/docs/how-to/enforce-permissions/user-permissions.mdx +++ b/docs/how-to/enforce-permissions/user-permissions.mdx @@ -163,10 +163,15 @@ UserPermissions permissions = permit.getUserPermissions( ## Get user permissions directly from opa -:::info Info +:::info Note This feature is not supported when using FactDB and should not be used with FactDB enabled on the PDP ::: +:::info Info +When experiencing high load, it may be more efficient to call the OPA engine directly from the SDK. +Please note that to enable this, you will need to expose the OPA port (8181). +::: + ```java import io.permit.sdk.Permit; import io.permit.sdk.PermitConfig; 
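Review bot: The info box added in PATCH 3/3 tells readers to expose the OPA port (8181) but does not say who should be able to reach it. OPA's REST API accepts unauthenticated requests unless authentication and authorization are configured, and whether the PDP image configures them is not visible in this change, so a reader following the sentence literally may leave policy data and decision queries open to anything that can route to the port. I would extend the sentence to `Please note that to enable this, you will need to expose the OPA port (8181); make it reachable only from the services that run the SDK, never from a public network.` It would also help to state how the SDK is pointed at the OPA address, since the example that follows configures only the API key.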
@@ -179,16 +184,9 @@ Permit permit = new Permit( new PermitConfig.Builder("[YOUR_API_KEY]").build() ); -Context context = new Context(); -context.put("enable_abac_user_permissions", new Boolean(true)); - UserPermissions permissions = permit.getUserPermissionsFromOPA( new GetUserPermissionsQuery( - User.fromString("john@doe.com"), // user key - null, // tenants filter is not required for ABAC - Arrays.asList("document", "__tenant"), // resource types is always required for ABAC, __tenants is required to not ignore RBAC-based permissions - null, // resources not required - context, + User.fromString("john@doe.com") ) );