Merge branch 'main' into fix/docs/reader-relation-mismatch

Author: aaguiarz

.github/workflows/checks.yaml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368
+      - uses: tcort/github-action-markdown-link-check@a800ad5f1c35bf61987946fd31c15726a1c9f2ba # v1.1.0
         with:
           file-extension: '.md'
           use-quiet-mode: 'yes'
@@ -61,7 +61,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368
+      - uses: tcort/github-action-markdown-link-check@a800ad5f1c35bf61987946fd31c15726a1c9f2ba # v1.1.0
         with:
           file-extension: '.mdx'
           use-quiet-mode: 'yes'

docs/content/best-practices/adoption-patterns.mdx

@@ -159,7 +159,7 @@ On the other hand, adding another service increases latency, adds additional com
 
 ## Shadowing the <ProductName format={ProductNameFormat.ShortForm}/> API
 
-When migrating from an existing authorization system to <ProductName format={ProductNameFormat.ShortForm}/>, it's recommended to first run both systems in parallel, with <ProductName format={ProductNameFormat.ShortForm}/> in "shadow mode". This means that while the existing system continues to make the actual authorization decisions, you also make calls to <ProductName format={ProductNameFormat.ShortForm}/> asynchornously and compare the results.
+When migrating from an existing authorization system to <ProductName format={ProductNameFormat.ShortForm}/>, it's recommended to first run both systems in parallel, with <ProductName format={ProductNameFormat.ShortForm}/> in "shadow mode". This means that while the existing system continues to make the actual authorization decisions, you also make calls to <ProductName format={ProductNameFormat.ShortForm}/> asynchronously and compare the results.
 
 This approach has several benefits:
 

docs/content/configuration-language.mdx

@@ -34,6 +34,7 @@ Please familiarize yourself with basic <ProductConcept /> and [How to get starte
 Below is a sample authorization model. The next sections discuss the basics of the <ProductName format={ProductNameFormat.ShortForm}/> configuration language.
 
 <AuthzModelSnippetViewer
+  syntaxesToShow={[SyntaxFormat.Dsl, SyntaxFormat.Json]}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -978,7 +979,6 @@ relation {
 In the <ProductName format={ProductNameFormat.ShortForm}/> DSL, it becomes:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -1042,7 +1042,7 @@ In the <ProductName format={ProductNameFormat.ShortForm}/> DSL, it becomes:
 In the <ProductName format={ProductNameFormat.ShortForm}/> JSON, it becomes:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Api}
+  syntaxesToShow={[SyntaxFormat.Json]}
   configuration={{
     schema_version: '1.1',
     type_definitions: [

docs/content/getting-started/setup-openfga/docker-setup.mdx

@@ -42,7 +42,7 @@ docker network create openfga
 You can then start Postgres in the network you created above:
 
 ```shell
-docker run -d --name postgres --network=openfga -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=password postgres:14
+docker run -d --name postgres --network=openfga -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=password postgres:17
 ```
 
 You should now have Postgres running in a container in the `openfga` network. However, it will not have the tables required for running OpenFGA. You can use the `migrate` command to create the tables. Using the OpenFGA container, this will look like:
@@ -74,7 +74,7 @@ networks:
 
 services:
   postgres:
-    image: postgres:14
+    image: postgres:17
     container_name: postgres
     networks:
       - openfga

docs/content/interacting/relationship-queries.mdx

@@ -181,12 +181,24 @@ For example, you can call Batch Check to determine whether `bob` has `can_view_n
 
 The <ProductName format={ProductNameFormat.ShortForm}/> API will return `true` depending on the level of access assigned to that user and the implied relationships inherited in the authorization model.
 
-
 ### Caveats and when not to use it
 
 If you are making less than 10 checks, it may be faster to call the [Check API](/api/service#Relationship%20Queries/Check) in parallel instead of Batch Check.
 
-The new BatchCheck endpoint is currently supported by the JS SDK (>=[v0.8.0](https://github.com/openfga/js-sdk/releases/tag/v0.8.0) and the Python SDK (>=[v0.9.0](https://github.com/openfga/python-sdk/releases/tag/v0.9.0)). Support in the other SDKs is being worked on.
+:::note
+The BatchCheck endpoint is currently supported by the following SDKs:
+- Go SDK ([>=0.7.0](https://github.com/openfga/go-sdk/releases/tag/v0.7.0))
+- JavaScript SDK ([>=v0.8.0](https://github.com/openfga/js-sdk/releases/tag/v0.8.0))
+- Python SDK ([>=v0.9.0](https://github.com/openfga/python-sdk/releases/tag/v0.9.0))
+- Java SDK ([>=0.8.1](https://github.com/openfga/java-sdk/releases/tag/v0.8.1))
+- Support for .NET is in progress and coming soon.
+
+In SDKs that support the `BatchCheck` endpoint (server-side batch checks), the previous `BatchCheck` method has been renamed to `ClientBatchCheck`. `ClientBatchCheck` performs client-side batch checks by making multiple check requests with limited parallelization.
+
+The .NET SDK does not yet support the `BatchCheck` endpoint (coming soon). Until then, the `BatchCheck` method maintains its current behavior, performing client-side batch checks equivalent to `ClientBatchCheck` in other SDKs.
+
+Refer to the README for each SDK for more information. Refer to the release notes of the relevant SDK version for more information on how to migrate from client-side to the server-side `BatchCheck`.
+:::
 
 ## Read
 

docs/content/modeling/advanced/slack.mdx

@@ -901,7 +901,7 @@ Upcoming tutorials will dive deeper into <ProductName format={ProductNameFormat.
 <Playground title="Slack" preset="slack" example="Slack" store="slack" />
 
 If you are interested in learning more about Authorization and Role Management at Slack, check out the Auth0 Fine-Grained Authorization (FGA) team's chat with the Slack engineering team.
-
+<!-- markdown-link-check-disable -->
 <figure className="video_container">
   <iframe
     style={{ marginTop: 36, borderRadius: 8 }}
@@ -913,6 +913,7 @@ If you are interested in learning more about Authorization and Role Management a
     allowFullScreen
   />
 </figure>
+<!-- markdown-link-check-enable -->
 
 ### Exercises for you
 

docs/content/modeling/getting-started.mdx

@@ -331,7 +331,6 @@ We will also need to add "User" to the list as it establishes the type of user w
 Now that we have a list of object types we can start defining them using the <UpdateProductNameInLinks link="../configuration-language" name="{ProductName} Configuration Language" />:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -554,7 +553,6 @@ Relation names in <ProductName format={ProductNameFormat.ShortForm}/> are arbitr
 Remember _"How a user is added as a member to an organization is beyond the scope of this feature."_ For the purposes of this model the relation definition should be:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -611,7 +609,6 @@ If you want to learn more, you can read further about this in [Modeling User Gro
 The complete <ProductConcept section="what-is-a-type-definition" linkName="type definition" /> for the **organization** type is:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -659,7 +656,6 @@ When a document is created, a relationship tuple will be stored in <ProductName
 The relation definition then should be:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -694,7 +690,6 @@ When a user shares a document with another user or set of users as editor, a rel
 The relation definition then should be:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -739,7 +734,6 @@ You can learn more about this in [Modeling User Groups](./user-groups.mdx).
 The viewer relation is similar to the document's [editor relation](#relation-editor). It will be defined like this:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -772,7 +766,6 @@ This relation is different from the others we have seen so far, as it is a relat
 When a document is created a relationship tuple will be stored in <ProductName format={ProductNameFormat.ShortForm}/> to represent this relationship between parent and document. The relation definition then should be:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={
       {
         type: 'document',
@@ -811,7 +804,6 @@ _A user can share a document with another user or an organization as either edit
 We can achieve that with the following definition using <UpdateProductNameInLinks link="../configuration-language" name="{ProductName} Configuration Language" />:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   skipVersion={true}
   configuration={
     {
@@ -870,7 +862,6 @@ _A user can view a document if they are an owner, viewer or editor of a document
 Similar to the [can_share relation](#relation-can_share), we can achieve that with the following definition using <UpdateProductNameInLinks link="../configuration-language" name="{ProductName} Configuration Language" />:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   skipVersion={true}
   configuration={{
     type: 'document',
@@ -937,7 +928,6 @@ _A user can write a document if they are an owner or editor of a document or if
 Similar to the [can_share relation](#relation-can_share), we can achieve that with the following definition using <UpdateProductNameInLinks link="../configuration-language" name="{ProductName} Configuration Language" />:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   skipVersion={true}
   configuration={{
     type: 'document',
@@ -986,7 +976,6 @@ _A user can change the owner of a document if they are an owner of the document.
 Similar to the [can_share relation](#relation-can_share), we can achieve that with the following definition using <UpdateProductNameInLinks link="../configuration-language" name="{ProductName} Configuration Language" />:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   skipVersion={true}
   configuration={{
     type: 'document',
@@ -1007,7 +996,6 @@ Similar to the [can_share relation](#relation-can_share), we can achieve that wi
 The complete <ProductConcept section="what-is-a-type-definition" linkName="type definition" /> for the document type is:
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [
@@ -1169,7 +1157,6 @@ The complete <ProductConcept section="what-is-a-type-definition" linkName="type
 Combining the type definitions for document and organization, we have
 
 <AuthzModelSnippetViewer
-  onlyShow={SyntaxFormat.Friendly2}
   configuration={{
     schema_version: '1.1',
     type_definitions: [

docs/content/modeling/testing-models.mdx

@@ -26,7 +26,7 @@ The `.fga.yaml` contains tests for <ProductName format={ProductNameFormat.ShortF
 | Object  | Description |
 | -------- | -------- | 
 | `name` (optional)   | A descriptive name for the test file   | 
-| `model` or `model_file`   | An <ProductName format={ProductNameFormat.ShortForm}/> model or a reference to an external model file in `fga` or `json` format  | 
+| `model` or `model_file`   | An <ProductName format={ProductNameFormat.ShortForm}/> model or a reference to an external model file in `fga`, `json` or `mod` format  | 
 |`tuples or tuple_file` (optional) | A set of tuples or a reference to an external tuple file in `json`, `yaml` or `csv` format. These are considered for all tests. |
 |`tests` | A set of tests that verify the return values of <ProductName format={ProductNameFormat.ShortForm}/> API calls |
 
@@ -51,7 +51,7 @@ model: |
      current_time < grant_time + grant_duration
   }
 
-# tuple_file: ./tuples.yaml # you can specify an external file, or include it inline
+# tuple_file: ./tuples.yaml # you can specify an external file, include it inline, or both
 tuples: 
 
    # Anne is a member of the Acme organization
@@ -79,7 +79,7 @@ Tests have the following structure:
 | Object  | Description |
 | -------- | -------- | 
 |`name` (optional) | A descriptive name for the test, like “Organization Membership”  | 
-|`tuples` | A set of tuples that are only considered for the test | 
+|`tuple_file` or `tuples` | A set of tuples that are only considered for the test | 
 |`check` | A set of tests for Check calls, each with a user/object and a set of assertions |
 |`list_objects` | A set of tests for ListObjects calls, each one with a user/type and a set of assertions for any number of relations|
 |`list_users` | A set of tests for ListUsers calls, each one with an object and user filter and a set of assertions for the users for any number of relations |
@@ -187,6 +187,12 @@ The following is an example of using the `list_users` option in <ProductName for
 ```
 The example above checks that the `organization:acme`, given the current time is February 2nd 2024, it has 'user:anne' as a `member`, nobody as an `admin`. If we tried with current time being February 1st 2024, then `user:peter` would be listed as an `admin`
 
+## Testing with Modular Models
+
+If you are using [Modular Models](./modular-models.mdx), you need to use the `fga.mod` as the `model_file`. 
+
+You can define the tests for each model in separate `.fga.yaml` files. All files should point to the `fga.mod` model. You can create a shared file with tuples and reference it with the `tuple_file` option. You can include module-specific tuples in each `fga.yaml` file.
+
 ## Running tests
 
 Tests are run using the `model test` CLI command. For instructions on installing the OpenFGA CLI, visit the [OpenFGA CLI Github repository](https://github.com/openfga/cli).

docs/content/modeling/user-groups.mdx

@@ -97,10 +97,13 @@ There are possible use cases where a group of users have a certain role on or pe
 
 To represent this in <ProductName format={ProductNameFormat.ShortForm}/>:
 
+<!-- We disable the check for these links because markdown-link-check doesn't support reading the docusaurus syntax to define the link -->
+<!-- markdown-link-check-disable --> 
 1. Introduce the concept of a `team` to the authorization model. [→](#step-1)
 2. Add users as `members` to the `team`. [→](#step-2)
 3. Assign the `team` members a relation to an object. [→](#step-3)
 4. Check an individual member's access to the object. [→](#step-4)
+<!-- markdown-link-check-enable -->
 
 ### 01. Introduce the concept of a team to the authorization model {#step-1}
 

src/components/Docs/AuthorizationModel/AuthzModelCodeBlock.tsx

@@ -13,7 +13,7 @@ type AuthzModelCodeBlockProps = {
 const AuthzModelCodeBlock: React.FC<AuthzModelCodeBlockProps> = ({ configuration, syntaxFormat, skipVersion }) => {
   return (
     <CodeBlock
-      className={`language-${syntaxFormat === SyntaxFormat.Api ? 'json' : tools.PrismExtensions.LANGUAGE_NAME}`}
+      className={`language-${syntaxFormat === SyntaxFormat.Json ? 'json' : tools.PrismExtensions.LANGUAGE_NAME}`}
     >
       {loadSyntax(configuration, syntaxFormat, skipVersion)}
     </CodeBlock>