From 420e955186196d4ceda8c7b073a517561db49b5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 16 Jun 2025 12:05:37 +0200 Subject: [PATCH] docs: Update examples and add Lorri --- .envrc | 10 ++++++++- .gitignore | 1 + examples.md | 60 +++++++++++++++++++++++++++++++++++++++++++++-------- shell.nix | 6 ++---- 4 files changed, 63 insertions(+), 14 deletions(-) diff --git a/.envrc b/.envrc index 4a4726a..82b2b9e 100644 --- a/.envrc +++ b/.envrc @@ -1 +1,9 @@ -use_nix +#!/usr/bin/env bash +# the shebang is ignored, but nice for editors + +if type -P lorri &>/dev/null; then + eval "$(lorri direnv)" +else + echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]' + use nix +fi diff --git a/.gitignore b/.gitignore index 4fca226..070691d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ out kladd.csv +.direnv/ diff --git a/examples.md b/examples.md index 5c1ceb9..f461f5d 100644 --- a/examples.md +++ b/examples.md @@ -1,13 +1,55 @@ -fga tuple write user:aleksander.libaek@akerbla.no member group:/akerbla -fga tuple delete user:aleksander.libaek@akerbla.no member group:akerbla -fga tuple write user:aleksander.libaek@akerbla.no active user:aleksander.libaek@akerbla.no -fga tuple write user:aleksander.libaek@akerbla.no registered user:aleksander.libaek@akerbla.no +# OpenFGA -fga query list-objects archive:40d3f9cf-90bc-4aa0-b4d3-62d066d42bd9 -fga query list-objects 'group' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 -fga query list-objects 'group:/leroy' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 -fga query list-objects 'group:/leroy#member' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 -fga tuple write group:/stim#member view archive:23feab9e-e9af-49fd-a740-33c0b63ffd0b --condition-name term --condition-context '{"start_time": "2025-03-18T00:00:00Z", "end_time": "2025-05-01T00:00:00Z"}' +## The OpenFGA CLI + +### Writing tuples + +Add user:aleksander.libaek@akerbla.no as a member of organisation group:/akerbla + +```console +$ fga tuple write user:aleksander.libaek@akerbla.no member group:/akerbla +``` + +Add as `active` or `registered`: + +```console +$ fga tuple write user:aleksander.libaek@akerbla.no active user:aleksander.libaek@akerbla.no +$ fga tuple write user:aleksander.libaek@akerbla.no registered user:aleksander.libaek@akerbla.no +``` + +A more complex write operation: +```console +$ fga tuple write group:/stim#member view archive:23feab9e-e9af-49fd-a740-33c0b63ffd0b --condition-name term --condition-context '{"start_time": "2025-03-18T00:00:00Z", "end_time": "2025-05-01T00:00:00Z"}' +``` + +To write a group of tuples, specify a file that contains those tuples. Here with `.csv` file: +```console fga tuple write --file ohs.csv +``` + + +### Deleting a tuples + +Delete `user:aleksander.libaek@akerbla.no` as a member of organisation `group:/akerbla` +```console +$ fga tuple delete user:aleksander.libaek@akerbla.no member group:/akerbla +``` + +To delete a group of tuples, specify a file that contains those tuples. Here with `.csv` file: +```console +$ fga tuple delete --file ohs.csv +``` + + +### Query objects + +List all objects from an `archive`, with `group` views + +```console +$ fga query list-objects archive:40d3f9cf-90bc-4aa0-b4d3-62d066d42bd9 +$ fga query list-objects 'group' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 +$ fga query list-objects 'group:/leroy' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 +$ fga query list-objects 'group:/leroy#member' view archive:fa4ecc27-ba1f-484f-a40b-8e3c1d8f5349 +``` diff --git a/shell.nix b/shell.nix index 76403e7..880f3c3 100644 --- a/shell.nix +++ b/shell.nix @@ -1,6 +1,6 @@ -with import {}; +with import { }; pkgs.mkShell { - nativeBuildInputs = [ + packages = [ openfga-cli ]; @@ -10,6 +10,4 @@ pkgs.mkShell { # FGA_API_URL = "https://openfga.srv.oceanbox.io"; # FGA_STORE_ID = "01JKTZXMP7ANN4GG2P5W8Y56M6"; # FGA_MODEL_ID = "01JKTZYMCZZBVSBG66W27XMW0A"; - - }