feat: add read latest authorization model API

Laid the foundation for openfga/openfga#1382
openfga · Feb 21, 2024 · 31bdaac · 31bdaac
1 parent c491fa7
commit 31bdaac
Show file tree

Hide file tree

Showing 6 changed files with 2,435 additions and 1,706 deletions.
diff --git a/docs/openapiv2/apidocs.swagger.json b/docs/openapiv2/apidocs.swagger.json
diff --git a/openfga/v1/openfga_service.proto b/openfga/v1/openfga_service.proto
@@ -410,6 +410,58 @@ service OpenFGAService {
     };
   }
 
+  rpc ReadLatestAuthorizationModel(ReadLatestAuthorizationModelRequest) returns (ReadLatestAuthorizationModelResponse) {
+    option (google.api.http) = {get: "/stores/{store_id}/latest-authorization-models"};
+
+    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+      summary: "Return latest authorization model"
+      tags: ["Authorization Models"]
+      operation_id: "ReadLatestAuthorizationModel"
+      description:
+        "The ReadLatestAuthorizationModel API returns the latest authorization model.\n"
+        "The response will return the authorization model.\n\n"
+        "## Example\n"
+        "The API will return:\n"
+        "```json\n"
+        "{\n"
+        "  \"authorization_model\":{\n"
+        "    \"id\":\"01G5JAVJ41T49E9TT3SKVS7X1J\",\n"
+        "    \"type_definitions\":[\n"
+        "      {\n"
+        "        \"type\":\"user\"\n"
+        "      },\n"
+        "      {\n"
+        "        \"type\":\"document\",\n"
+        "        \"relations\":{\n"
+        "          \"reader\":{\n"
+        "            \"union\":{\n"
+        "              \"child\":[\n"
+        "                {\n"
+        "                  \"this\":{}\n"
+        "                },\n"
+        "                {\n"
+        "                  \"computedUserset\":{\n"
+        "                    \"object\":\"\",\n"
+        "                    \"relation\":\"writer\"\n"
+        "                  }\n"
+        "                }\n"
+        "              ]\n"
+        "            }\n"
+        "          },\n"
+        "          \"writer\":{\n"
+        "            \"this\":{}\n"
+        "          }\n"
+        "        }\n"
+        "      }\n"
+        "    ]\n"
+        "  }\n"
+        "}\n"
+        "```\n"
+        "In the above example, there are 2 types (`user` and `document`). The `document` type "
+        "has 2 relations (`writer` and `reader`)."
+    };
+  }
+
   rpc WriteAuthorizationModel(WriteAuthorizationModelRequest) returns (WriteAuthorizationModelResponse) {
     option (google.api.http) = {
       post: "/stores/{store_id}/authorization-models"
@@ -1032,6 +1084,15 @@ message ExpandResponse {
   openfga.v1.UsersetTree tree = 1;
 }
 
+message ReadLatestAuthorizationModelRequest {
+  string store_id = 1 [
+    json_name = "store_id",
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {pattern: "^[ABCDEFGHJKMNPQRSTVWXYZ0-9]{26}$"},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {example: "\"01YCP46JKYM8FJCQ37NMBYHE5X\""}
+  ];
+}
+
 message ReadAuthorizationModelRequest {
   string store_id = 1 [
     json_name = "store_id",
@@ -1052,6 +1113,10 @@ message ReadAuthorizationModelResponse {
   AuthorizationModel authorization_model = 1 [json_name = "authorization_model"];
 }
 
+message ReadLatestAuthorizationModelResponse {
+  AuthorizationModel authorization_model = 1 [json_name = "authorization_model"];
+}
+
 message WriteAuthorizationModelRequest {
   string store_id = 1 [
     json_name = "store_id",