From 3b7f09458e28b274d66b3340a982bc254e36381c Mon Sep 17 00:00:00 2001 From: Will Vedder Date: Thu, 13 Jun 2024 21:03:27 -0400 Subject: [PATCH] Removing excluded users from ListUsers response (#108) Initial commit of removing excluded users --- .openapi-generator/FILES | 2 - README.md | 4 +- api_open_fga.go | 10 ++- api_open_fga_test.go | 6 +- client/client_test.go | 6 +- docs/ListUsersResponse.md | 23 +---- docs/ObjectOrUserset.md | 82 ------------------ model_list_users_response.go | 31 +------ model_object_or_userset.go | 160 ----------------------------------- 9 files changed, 12 insertions(+), 312 deletions(-) delete mode 100644 docs/ObjectOrUserset.md delete mode 100644 model_object_or_userset.go diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES index 9b8d87d..c9ae737 100644 --- a/.openapi-generator/FILES +++ b/.openapi-generator/FILES @@ -57,7 +57,6 @@ docs/Node.md docs/Nodes.md docs/NotFoundErrorCode.md docs/NullValue.md -docs/ObjectOrUserset.md docs/ObjectRelation.md docs/OpenFgaApi.md docs/PathUnknownErrorMessageResponse.md @@ -147,7 +146,6 @@ model_node.go model_nodes.go model_not_found_error_code.go model_null_value.go -model_object_or_userset.go model_object_relation.go model_path_unknown_error_message_response.go model_read_assertions_response.go diff --git a/README.md b/README.md index 1e7c913..4ed1dce 100644 --- a/README.md +++ b/README.md @@ -823,7 +823,7 @@ userFilters := []openfga.UserTypeFilter{{ Type: "user" }} // userFilters := []openfga.UserTypeFilter{{ Type: "team", Relation: openfga.PtrString("member") }} requestBody := ClientListUsersRequest{ - Object: openfga.Object{ + Object: openfga.FgaObject{ Type: "document", Id: "roadmap", }, @@ -846,7 +846,6 @@ data, err := fgaClient.ListRelations(context.Background()). Execute() // response.users = [{object: {type: "user", id: "81684243-9356-4421-8fbf-a4f8d36aa31b"}}, {userset: { type: "user" }}, ...] -// response.excluded_users = [ {object: {type: "user", id: "4a455e27-d15a-4434-82e0-136f9c2aa4cf"}}, ... ] ``` ### Assertions @@ -990,7 +989,6 @@ Class | Method | HTTP request | Description - [Nodes](docs/Nodes.md) - [NotFoundErrorCode](docs/NotFoundErrorCode.md) - [NullValue](docs/NullValue.md) - - [ObjectOrUserset](docs/ObjectOrUserset.md) - [ObjectRelation](docs/ObjectRelation.md) - [PathUnknownErrorMessageResponse](docs/PathUnknownErrorMessageResponse.md) - [ReadAssertionsResponse](docs/ReadAssertionsResponse.md) diff --git a/api_open_fga.go b/api_open_fga.go index 2387b4b..de1bb9c 100644 --- a/api_open_fga.go +++ b/api_open_fga.go @@ -304,8 +304,9 @@ type OpenFgaApi interface { You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related users in an array in the "users" field of the response. These results may include specific objects, usersets - or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In certain cases of negation via the `but not` operator, some results are marked as excluded from the main set of results. These exclusions - are returned in the `excluded_users` property and should be handled appropriately at the point of implementation.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. + or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In cases where a type-bound public acces result is returned (e.g. `user:*`), it cannot be inferred that all subjects + of that type have a relation to the object; it is possible that negations exist and checks should still be queried + on individual subjects to ensure access to that document.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. The returned users will not be sorted, and therefore two identical calls may yield different sets of users. * @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). * @param storeId @@ -2708,8 +2709,9 @@ An `authorization_model_id` may be specified in the body. If it is not specified You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related users in an array in the "users" field of the response. These results may include specific objects, usersets -or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In certain cases of negation via the `but not` operator, some results are marked as excluded from the main set of results. These exclusions -are returned in the `excluded_users` property and should be handled appropriately at the point of implementation.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. +or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In cases where a type-bound public acces result is returned (e.g. `user:*`), it cannot be inferred that all subjects +of that type have a relation to the object; it is possible that negations exist and checks should still be queried +on individual subjects to ensure access to that document.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. The returned users will not be sorted, and therefore two identical calls may yield different sets of users. - @param ctx _context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). - @param storeId diff --git a/api_open_fga_test.go b/api_open_fga_test.go index dc7318f..f2ab81f 100644 --- a/api_open_fga_test.go +++ b/api_open_fga_test.go @@ -885,7 +885,7 @@ func TestOpenFgaApi(t *testing.T) { test := TestDefinition{ Name: "ListUsers", // A real API would not return all these for the filter provided, these are just for test purposes - JsonResponse: `{"excluded_users":null,"users":[{"object":{"id":"81684243-9356-4421-8fbf-a4f8d36aa31b","type":"user"}},{"userset":{"id":"fga","relation":"member","type":"team"}},{"wildcard":{"type":"user"}}]}`, + JsonResponse: `{"users":[{"object":{"id":"81684243-9356-4421-8fbf-a4f8d36aa31b","type":"user"}},{"userset":{"id":"fga","relation":"member","type":"team"}},{"wildcard":{"type":"user"}}]}`, ResponseStatus: http.StatusOK, Method: http.MethodPost, RequestPath: "list-users", @@ -964,10 +964,6 @@ func TestOpenFgaApi(t *testing.T) { if got.Users[2].GetWildcard().Type != expectedResponse.Users[2].GetWildcard().Type { t.Fatalf("OpenFga%v().Execute() = %v, want %v (%v)", test.Name, got.Users[2], expectedResponse.Users[2], "wildcard: { type: \"user\" }") } - - if len(got.ExcludedUsers) != len(expectedResponse.ExcludedUsers) { - t.Fatalf("OpenFga%v().Execute() = %v, want %v", test.Name, got.GetExcludedUsers(), expectedResponse.GetExcludedUsers()) - } }) t.Run("Check with 400 error", func(t *testing.T) { diff --git a/client/client_test.go b/client/client_test.go index 0172554..2cb547d 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -2441,7 +2441,7 @@ func TestOpenFgaClient(t *testing.T) { test := TestDefinition{ Name: "ListUsers", // A real API would not return all these for the filter provided, these are just for test purposes - JsonResponse: `{"excluded_users":null,"users":[{"object":{"id":"81684243-9356-4421-8fbf-a4f8d36aa31b","type":"user"}},{"userset":{"id":"fga","relation":"member","type":"team"}},{"wildcard":{"type":"user"}}]}`, + JsonResponse: `{"users":[{"object":{"id":"81684243-9356-4421-8fbf-a4f8d36aa31b","type":"user"}},{"userset":{"id":"fga","relation":"member","type":"team"}},{"wildcard":{"type":"user"}}]}`, ResponseStatus: http.StatusOK, Method: http.MethodPost, RequestPath: "list-users", @@ -2518,10 +2518,6 @@ func TestOpenFgaClient(t *testing.T) { t.Fatalf("OpenFga%v().Execute() = %v, want %v (%v)", test.Name, got.Users[2], expectedResponse.Users[2], "wildcard: { type: \"user\" }") } - if len(got.ExcludedUsers) != len(expectedResponse.ExcludedUsers) { - t.Fatalf("OpenFga%v().Execute() = %v, want %v", test.Name, got.GetExcludedUsers(), expectedResponse.GetExcludedUsers()) - } - // ListUsers without options should work _, err = fgaClient.ListUsers(context.Background()).Body(requestBody).Execute() if err != nil { diff --git a/docs/ListUsersResponse.md b/docs/ListUsersResponse.md index 9da5977..46897c8 100644 --- a/docs/ListUsersResponse.md +++ b/docs/ListUsersResponse.md @@ -5,13 +5,12 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **Users** | [**[]User**](User.md) | | -**ExcludedUsers** | [**[]ObjectOrUserset**](ObjectOrUserset.md) | | ## Methods ### NewListUsersResponse -`func NewListUsersResponse(users []User, excludedUsers []ObjectOrUserset, ) *ListUsersResponse` +`func NewListUsersResponse(users []User, ) *ListUsersResponse` NewListUsersResponse instantiates a new ListUsersResponse object This constructor will assign default values to properties that have it defined, @@ -46,26 +45,6 @@ and a boolean to check if the value has been set. SetUsers sets Users field to given value. -### GetExcludedUsers - -`func (o *ListUsersResponse) GetExcludedUsers() []ObjectOrUserset` - -GetExcludedUsers returns the ExcludedUsers field if non-nil, zero value otherwise. - -### GetExcludedUsersOk - -`func (o *ListUsersResponse) GetExcludedUsersOk() (*[]ObjectOrUserset, bool)` - -GetExcludedUsersOk returns a tuple with the ExcludedUsers field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetExcludedUsers - -`func (o *ListUsersResponse) SetExcludedUsers(v []ObjectOrUserset)` - -SetExcludedUsers sets ExcludedUsers field to given value. - - [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/ObjectOrUserset.md b/docs/ObjectOrUserset.md deleted file mode 100644 index 90f4dc0..0000000 --- a/docs/ObjectOrUserset.md +++ /dev/null @@ -1,82 +0,0 @@ -# ObjectOrUserset - -## Properties - -Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- -**Object** | Pointer to [**FgaObject**](FgaObject.md) | | [optional] -**Userset** | Pointer to [**UsersetUser**](UsersetUser.md) | | [optional] - -## Methods - -### NewObjectOrUserset - -`func NewObjectOrUserset() *ObjectOrUserset` - -NewObjectOrUserset instantiates a new ObjectOrUserset object -This constructor will assign default values to properties that have it defined, -and makes sure properties required by API are set, but the set of arguments -will change when the set of required properties is changed - -### NewObjectOrUsersetWithDefaults - -`func NewObjectOrUsersetWithDefaults() *ObjectOrUserset` - -NewObjectOrUsersetWithDefaults instantiates a new ObjectOrUserset object -This constructor will only assign default values to properties that have it defined, -but it doesn't guarantee that properties required by API are set - -### GetObject - -`func (o *ObjectOrUserset) GetObject() FgaObject` - -GetObject returns the Object field if non-nil, zero value otherwise. - -### GetObjectOk - -`func (o *ObjectOrUserset) GetObjectOk() (*FgaObject, bool)` - -GetObjectOk returns a tuple with the Object field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetObject - -`func (o *ObjectOrUserset) SetObject(v FgaObject)` - -SetObject sets Object field to given value. - -### HasObject - -`func (o *ObjectOrUserset) HasObject() bool` - -HasObject returns a boolean if a field has been set. - -### GetUserset - -`func (o *ObjectOrUserset) GetUserset() UsersetUser` - -GetUserset returns the Userset field if non-nil, zero value otherwise. - -### GetUsersetOk - -`func (o *ObjectOrUserset) GetUsersetOk() (*UsersetUser, bool)` - -GetUsersetOk returns a tuple with the Userset field if it's non-nil, zero value otherwise -and a boolean to check if the value has been set. - -### SetUserset - -`func (o *ObjectOrUserset) SetUserset(v UsersetUser)` - -SetUserset sets Userset field to given value. - -### HasUserset - -`func (o *ObjectOrUserset) HasUserset() bool` - -HasUserset returns a boolean if a field has been set. - - -[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) - - diff --git a/model_list_users_response.go b/model_list_users_response.go index 6ab65d0..f706184 100644 --- a/model_list_users_response.go +++ b/model_list_users_response.go @@ -20,18 +20,16 @@ import ( // ListUsersResponse struct for ListUsersResponse type ListUsersResponse struct { - Users []User `json:"users"yaml:"users"` - ExcludedUsers []ObjectOrUserset `json:"excluded_users"yaml:"excluded_users"` + Users []User `json:"users"yaml:"users"` } // NewListUsersResponse instantiates a new ListUsersResponse object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewListUsersResponse(users []User, excludedUsers []ObjectOrUserset) *ListUsersResponse { +func NewListUsersResponse(users []User) *ListUsersResponse { this := ListUsersResponse{} this.Users = users - this.ExcludedUsers = excludedUsers return &this } @@ -67,34 +65,9 @@ func (o *ListUsersResponse) SetUsers(v []User) { o.Users = v } -// GetExcludedUsers returns the ExcludedUsers field value -func (o *ListUsersResponse) GetExcludedUsers() []ObjectOrUserset { - if o == nil { - var ret []ObjectOrUserset - return ret - } - - return o.ExcludedUsers -} - -// GetExcludedUsersOk returns a tuple with the ExcludedUsers field value -// and a boolean to check if the value has been set. -func (o *ListUsersResponse) GetExcludedUsersOk() (*[]ObjectOrUserset, bool) { - if o == nil { - return nil, false - } - return &o.ExcludedUsers, true -} - -// SetExcludedUsers sets field value -func (o *ListUsersResponse) SetExcludedUsers(v []ObjectOrUserset) { - o.ExcludedUsers = v -} - func (o ListUsersResponse) MarshalJSON() ([]byte, error) { toSerialize := map[string]interface{}{} toSerialize["users"] = o.Users - toSerialize["excluded_users"] = o.ExcludedUsers var b bytes.Buffer enc := json.NewEncoder(&b) enc.SetEscapeHTML(false) diff --git a/model_object_or_userset.go b/model_object_or_userset.go deleted file mode 100644 index 012fed1..0000000 --- a/model_object_or_userset.go +++ /dev/null @@ -1,160 +0,0 @@ -/** - * Go SDK for OpenFGA - * - * API version: 1.x - * Website: https://openfga.dev - * Documentation: https://openfga.dev/docs - * Support: https://openfga.dev/community - * License: [Apache-2.0](https://github.com/openfga/go-sdk/blob/main/LICENSE) - * - * NOTE: This file was auto generated by OpenAPI Generator (https://openapi-generator.tech). DO NOT EDIT. - */ - -package openfga - -import ( - "bytes" - - "encoding/json" -) - -// ObjectOrUserset struct for ObjectOrUserset -type ObjectOrUserset struct { - Object *FgaObject `json:"object,omitempty"yaml:"object,omitempty"` - Userset *UsersetUser `json:"userset,omitempty"yaml:"userset,omitempty"` -} - -// NewObjectOrUserset instantiates a new ObjectOrUserset object -// This constructor will assign default values to properties that have it defined, -// and makes sure properties required by API are set, but the set of arguments -// will change when the set of required properties is changed -func NewObjectOrUserset() *ObjectOrUserset { - this := ObjectOrUserset{} - return &this -} - -// NewObjectOrUsersetWithDefaults instantiates a new ObjectOrUserset object -// This constructor will only assign default values to properties that have it defined, -// but it doesn't guarantee that properties required by API are set -func NewObjectOrUsersetWithDefaults() *ObjectOrUserset { - this := ObjectOrUserset{} - return &this -} - -// GetObject returns the Object field value if set, zero value otherwise. -func (o *ObjectOrUserset) GetObject() FgaObject { - if o == nil || o.Object == nil { - var ret FgaObject - return ret - } - return *o.Object -} - -// GetObjectOk returns a tuple with the Object field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *ObjectOrUserset) GetObjectOk() (*FgaObject, bool) { - if o == nil || o.Object == nil { - return nil, false - } - return o.Object, true -} - -// HasObject returns a boolean if a field has been set. -func (o *ObjectOrUserset) HasObject() bool { - if o != nil && o.Object != nil { - return true - } - - return false -} - -// SetObject gets a reference to the given FgaObject and assigns it to the Object field. -func (o *ObjectOrUserset) SetObject(v FgaObject) { - o.Object = &v -} - -// GetUserset returns the Userset field value if set, zero value otherwise. -func (o *ObjectOrUserset) GetUserset() UsersetUser { - if o == nil || o.Userset == nil { - var ret UsersetUser - return ret - } - return *o.Userset -} - -// GetUsersetOk returns a tuple with the Userset field value if set, nil otherwise -// and a boolean to check if the value has been set. -func (o *ObjectOrUserset) GetUsersetOk() (*UsersetUser, bool) { - if o == nil || o.Userset == nil { - return nil, false - } - return o.Userset, true -} - -// HasUserset returns a boolean if a field has been set. -func (o *ObjectOrUserset) HasUserset() bool { - if o != nil && o.Userset != nil { - return true - } - - return false -} - -// SetUserset gets a reference to the given UsersetUser and assigns it to the Userset field. -func (o *ObjectOrUserset) SetUserset(v UsersetUser) { - o.Userset = &v -} - -func (o ObjectOrUserset) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if o.Object != nil { - toSerialize["object"] = o.Object - } - if o.Userset != nil { - toSerialize["userset"] = o.Userset - } - var b bytes.Buffer - enc := json.NewEncoder(&b) - enc.SetEscapeHTML(false) - err := enc.Encode(toSerialize) - if err != nil { - return nil, err - } - return b.Bytes(), nil -} - -type NullableObjectOrUserset struct { - value *ObjectOrUserset - isSet bool -} - -func (v NullableObjectOrUserset) Get() *ObjectOrUserset { - return v.value -} - -func (v *NullableObjectOrUserset) Set(val *ObjectOrUserset) { - v.value = val - v.isSet = true -} - -func (v NullableObjectOrUserset) IsSet() bool { - return v.isSet -} - -func (v *NullableObjectOrUserset) Unset() { - v.value = nil - v.isSet = false -} - -func NewNullableObjectOrUserset(val *ObjectOrUserset) *NullableObjectOrUserset { - return &NullableObjectOrUserset{value: val, isSet: true} -} - -func (v NullableObjectOrUserset) MarshalJSON() ([]byte, error) { - return json.Marshal(v.value) -} - -func (v *NullableObjectOrUserset) UnmarshalJSON(src []byte) error { - v.isSet = true - return json.Unmarshal(src, &v.value) -}