Merge pull request #379 from permitio/asaf/cto-334-abac-user-permissi…

…on-docs abac user permissions docs
permitio · Jul 1, 2024 · a6e3700 · a6e3700
2 parents faf63a9 + 9b6dbbe
commit a6e3700
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 3 deletions.
diff --git a/docs/how-to/enforce-permissions/user-permissions.mdx b/docs/how-to/enforce-permissions/user-permissions.mdx
@@ -98,6 +98,69 @@ func main() {
 </TabItem>
 </Tabs>
 
-:::info
-Currently, using "GetUserPermissions" works only for RBAC & ReBAC.
-:::
+## EAP: Enabling ABAC in user permissions
+
+The `permit.GetUserPermissions` function can also find all permitted objects based on
+attribute-based rules (ABAC condition sets), however this calculation is a bit more
+expensive to run performance wise. For that reason, you have to manually turn on
+this capabality when needed.
+
+Not all SDKs are supporting this feature at this point in time,
+you can directly call the PDP API if your SDK is not supporting it yet.
+
+<Tabs groupId="language">
+<TabItem value="curl" label="cURL">
+
+Assuming `localhost:7766` is the PDP address relative to the caller:
+
+```
+curl --location 'http://localhost:7766/user-permissions' \
+--header 'Content-Type: application/json' \
+--header 'Authorization: Bearer <api key>' \
+--data '{
+    "user": {
+        "key": "eddie"
+    },
+    "resource_types": [
+        "document",
+        "__tenant"
+    ],
+    "context": {
+        "enable_abac_user_permissions": true
+    }
+}'
+```
+
+</TabItem>
+<TabItem value="java" label="Java">
+
+```java
+import io.permit.sdk.Permit;
+import io.permit.sdk.PermitConfig;
+import io.permit.sdk.enforcement.*;
+import io.permit.sdk.util.Context;
+import java.util.Arrays;
+
+
+Permit permit = new Permit(
+    new PermitConfig.Builder("[YOUR_API_KEY]").build()
+);
+
+Context context = new Context();
+context.put("enable_abac_user_permissions", new Boolean(true));
+
+UserPermissions permissions = permit.getUserPermissions(
+	new GetUserPermissionsQuery(
+		User.fromString("john@doe.com"), // user key
+		null, // tenants filter is not required for ABAC
+		Arrays.asList("document", "__tenant"), // resource types is always required for ABAC, __tenants is required to not ignore RBAC-based permissions
+		null, // resources not required
+		context,
+	)
+);
+
+```
+</TabItem>
+
+</Tabs>
+
diff --git a/docs/sdk/sdks-overview.mdx b/docs/sdk/sdks-overview.mdx
@@ -21,6 +21,7 @@ This page lists the feature parity of the different SDKs that we provide to use
 | Check                    | ✅  | ✅  | ✅  | ✅  | ✅  | ✅ | 🟤 |
 | Check All Tenants        | ✅  | ✅  | 🔴 | ✅  | 🔴 | 🔴 | 🟤 |
 | Get User Permission      | ✅  | ✅  | 🔴 | ✅  | 🔴 | 🔴 | 🟤 |
+| Get User Permission (ABAC) | 🔴  | 🔴  | 🔴 | ✅  | 🔴 | 🔴 | 🟤 |
 | Get User Tenant          | 🔴 | 🔴 | 🔴 | ✅  | 🔴 | 🔴 | 🟤 |
 | List Role Assignments from PDP | 🔴 | 🔴 | 🔴 | 🔴 | ✅ | 🔴 | 🟤 |
 | Get Authorized Users | 🔴 | 🔴 | 🔴 | 🔴 | ✅ | 🔴 | 🟤 |