Warrant Changelog - January 2023
It's a new year and we have lots of updates to share:
Revamped object types, now with type restrictions
We've revamped object types, making them more succinct and easier to work with. Additionally, object types now support type restrictions. For example, teams could previously specify in an object type that a user is an owner of report:A if that user is a member of another object that is an owner of report:A. However, it wasn't possible to specify that the user must be a member of a particular type of object (i.e. a tenant) in order for this inheritance to occur. This is now possible via the revamped object type schema. Check out an example below or read more in our docs.
{
  "type": "report",
  "relations": {
    "owner": {
      "inheritIf": "member",
      "ofType": "tenant",
      "withRelation": "owner"
    },
    "editor": {
      "inheritIf": "anyOf",
      "rules": [
        {
          "inheritIf": "owner"
        },
        {
          "inheritIf": "member",
          "ofType": "tenant",
          "withRelation": "editor"
        }
      ]
    },
    "viewer": {
      "inheritIf": "anyOf",
      "rules": [
        {
          "inheritIf": "editor"
        },
        {
          "inheritIf": "member",
          "ofType": "tenant",
          "withRelation": "viewer"
        }
      ]
    }
  }
}
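To make the effect of the ofType restriction concrete, here is an added example (not Warrant's code and not part of the original changelog): a simplified Python evaluator for the schema above. The warrant tuples, the group:contractors object and the check function are constructed for illustration, and the evaluation semantics are an assumption based on the description above.

```python
# Simplified model of the object type schema (assumed semantics, not Warrant's engine).
REPORT = {
    "type": "report",
    "relations": {
        "owner": {"inheritIf": "member", "ofType": "tenant", "withRelation": "owner"},
        "editor": {"inheritIf": "anyOf", "rules": [
            {"inheritIf": "owner"},
            {"inheritIf": "member", "ofType": "tenant", "withRelation": "editor"}]},
        "viewer": {"inheritIf": "anyOf", "rules": [
            {"inheritIf": "editor"},
            {"inheritIf": "member", "ofType": "tenant", "withRelation": "viewer"}]},
    },
}

# Constructed warrants: (object, relation, subject), each written as "type:id".
WARRANTS = {
    ("report:A", "owner", "tenant:acme"),
    ("report:A", "owner", "group:contractors"),
    ("tenant:acme", "member", "user:alice"),
    ("group:contractors", "member", "user:bob"),
}

def check(obj, relation, subject, schemas, warrants):
    """True if subject has relation on obj, directly or through the schema rules."""
    if (obj, relation, subject) in warrants:
        return True
    schema = schemas.get(obj.split(":")[0])
    rule = schema["relations"].get(relation) if schema else None
    return bool(rule) and _matches(rule, obj, subject, schemas, warrants)

def _matches(rule, obj, subject, schemas, warrants):
    kind = rule["inheritIf"]
    if kind == "anyOf":
        return any(_matches(r, obj, subject, schemas, warrants) for r in rule["rules"])
    if "ofType" not in rule:
        # Plain inheritance: holding relation `kind` on the same object is enough.
        return check(obj, kind, subject, schemas, warrants)
    # Type-restricted inheritance: subject must hold `kind` (e.g. member) on an
    # object of type ofType that itself holds withRelation on obj.
    for o, rel, via in warrants:
        if o == obj and rel == rule["withRelation"] and via.split(":")[0] == rule["ofType"]:
            if check(via, kind, subject, schemas, warrants):
                return True
    return False
```

With these warrants, user:alice resolves to owner, editor and viewer of report:A through tenant:acme, while user:bob gets nothing because group:contractors is not a tenant.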
Serverless authorization & access control with Cloudflare workers
Did you know that you can use Cloudflare workers to generate Warrant client-side sessions to enable true serverless-authz? Here is an example of a simple Cloudflare worker that generates and returns user-scoped, client-side Warrant session tokens that can be used with Warrant UI components to conduct authz checks directly in front-end applications, all without a back-end!
Major updates to Python & Node SDKs
Following last month's major updates to the Java and Ruby SDKs, we're excited to share that the Python and Node SDKs have received their overhauls this month. This includes added support for:
- All RBAC operations including role, permission, user assignment, removal and authz checks
- Pricing tiers (CRUD operations and authz checks)
- Features (CRUD operations and authz checks)
- First-class types for Warrant objects and subjects to make creating, deleting and checking warrants easier and safer
New React components for permissions & features
Similar to <ProtectedComponent />, the React SDK now ships with built-in <FeatureProtectedComponent /> and <PermissionProtectedComponent /> components (as well as hooks) to enable easier integration of Pricing Tiers and Permissions/RBAC in front-end apps.
Cursor-based pagination on list endpoints
All list API endpoints (e.g. Warrants, Tenants, Users, Permissions and Roles) now support cursor-based pagination via the limit, afterId and beforeId query parameters, as well as custom sorting (including paginated sorting) via the sortBy, sortOrder, afterValue and beforeValue query parameters.
For example, an API request to fetch a list of the 25 users that:
- come after the user with specified id=8fa971de-29e4-4b02-9f34-0ea581739a13 and email=test@test.com
- are sorted by user email in ascending order
can be specified as follows:
GET /users?limit=25&afterId=8fa971de-29e4-4b02-9f34-0ea581739a13&afterValue=test@test.com&sortBy=email&sortOrder=ASC
You can read more about cursor-based pagination here.