warrant 2.1.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78f048c8c4f4611aafd280b84cce9cd09d8d664b6892030ec564bf34b80215ea
-  data.tar.gz: bba96bc3e9c504487af9b5ebad98b673b3592eb9b72fecba81ebf33e52ae54de
+  metadata.gz: 8782e5ba0cc2c866761a7c4d906eebe324202b9ea12a14f50b0f250c62483c20
+  data.tar.gz: cfe03ef0070f0e60d8c88f1a8e636c93eb7265d5a367e6f1d99cb787a2e0aff3
 SHA512:
-  metadata.gz: 0e4a8f1e22266df4957bbd40f45c0d42a336a13091d33cccb40482d632f98b494f05218de73c61a5bb85216116595751f5fc331f626afc3b6d7ea5ae017cf581
-  data.tar.gz: b4f41491a47957d3bfb888231e2b110d70d0fad7e24ff82a4f64a51460dd4a78fd8ab8a86d26b20433ff8ff403ca3f5b9051d976f1b0adb6869e98f92a08cecc
+  metadata.gz: 7e7a48c244de2fa3a9e402682c3775f84e429e1330404dc1b06281dd5c689379cb974e47c6fc0fc0b8175d52edbaea34e893946c3bcbec029d7d579201e05ffc
+  data.tar.gz: 966d6a67910a9d001f26a592fc226813b9d82acd61b2cb684c84fff8adc9e1b63e50970c366c217022f5bf5a57316d977f1d0736930c038a9af79171f99dd2f1

data/lib/warrant/models/feature.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class Feature
+        OBJECT_TYPE = "feature"
+
         include Warrant::WarrantObject
 
         attr_reader :feature_id
@@ -134,7 +136,7 @@ module Warrant
         # @param tenant_id [String] The tenant_id of the tenant you want to assign a feature to.
         # @param feature_id [String] The feature_id of the feature you want to assign to a tenant.
         #
-        # @return [Feature] assigned feature
+        # @return [Warrant] warrant assigning feature to tenant
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -142,15 +144,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_tenant(tenant_id, feature_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                feature = JSON.parse(res.body)
-                Feature.new(feature['featureId'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
         end
 
         # Remove a feature from a tenant
@@ -166,14 +160,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_tenant(tenant_id, feature_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
         end
 
         # List features for user
@@ -204,7 +191,7 @@ module Warrant
         # @param user_id [String] The user_id of the user you want to assign a feature to.
         # @param feature_id [String] The feature_id of the feature you want to assign to a user.
         #
-        # @return [Feature] assigned feature
+        # @return [Warrant] warrant assigning feature to user
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -212,15 +199,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_user(user_id, feature_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                feature = JSON.parse(res.body)
-                Feature.new(feature['featureId'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # Remove a feature from a user
@@ -236,14 +215,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_user(user_id, feature_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # List features for pricing tier
@@ -274,7 +246,7 @@ module Warrant
         # @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign a feature to.
         # @param feature_id [String] The feature_id of the feature you want to assign to a pricing tier.
         #
-        # @return [Feature] assigned pricing tier
+        # @return [Warrant] warrant assigning feature to pricing tier
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -282,15 +254,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_pricing_tier(pricing_tier_id, feature_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/pricing-tiers/#{pricing_tier_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                feature = JSON.parse(res.body)
-                Feature.new(feature['featureId'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
         end
 
         # Remove a feature from a pricing tier
@@ -306,14 +270,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_pricing_tier(pricing_tier_id, feature_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/pricing-tiers/#{pricing_tier_id}/features/#{feature_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
         end
 
         def warrant_object_type

data/lib/warrant/models/permission.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class Permission
+        OBJECT_TYPE = "permission"
+
         include Warrant::WarrantObject
 
         attr_reader :permission_id, :name, :description
@@ -186,7 +188,7 @@ module Warrant
         # @param role_id [String] The role_id of the role you want to assign a permission to.
         # @param permission_id [String] The permission_id of the permission you want to assign to a role.
         #
-        # @return [Permission] assigned permission
+        # @return [Warrant] warrant assigning permission to role
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -195,15 +197,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_role(role_id, permission_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                permission = JSON.parse(res.body)
-                Permission.new(permission['permissionId'], permission['name'], permission['description'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
         end
 
         # Remove a permission from a role
@@ -219,14 +213,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_role(role_id, permission_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
         end
 
         # List permissions for a user
@@ -257,7 +244,7 @@ module Warrant
         # @param user_id [String] The user_id of the user you want to assign a permission to.
         # @param permission_id [String] The permission_id of the permission you want to assign to a user.
         #
-        # @return [Permission] assigned permission
+        # @return [Warrant] warrant assigning permission to user
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -266,15 +253,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_user(user_id, permission_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                permission = JSON.parse(res.body)
-                Permission.new(permission['permissionId'], permission['name'], permission['description'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # Remove a permission from a user
@@ -290,14 +269,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_user(user_id, permission_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         def warrant_object_type

data/lib/warrant/models/pricing_tier.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class PricingTier
+        OBJECT_TYPE = "pricing-tier"
+
         include Warrant::WarrantObject
 
         attr_reader :pricing_tier_id
@@ -135,7 +137,7 @@ module Warrant
         # @param tenant_id [String] The tenant_id of the tenant you want to assign a pricing tier to.
         # @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a tenant.
         #
-        # @return [PricingTier] assigned pricing tier
+        # @return [Warrant] warrant assigning pricing tier to tenant
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -143,15 +145,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_tenant(tenant_id, pricing_tier_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/pricing-tiers/#{pricing_tier_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                pricing_tier = JSON.parse(res.body)
-                PricingTier.new(pricing_tier['pricingTierId'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
         end
 
         # Remove a pricing tier from a tenant
@@ -167,14 +161,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_tenant(tenant_id, pricing_tier_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/pricing-tiers/#{pricing_tier_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
         end
 
         # List pricing tiers for user
@@ -205,7 +192,7 @@ module Warrant
         # @param user_id [String] The user_id of the user you want to assign a pricing tier to.
         # @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a user.
         #
-        # @return [PricingTier] assigned pricing tier
+        # @return [Warrant] warrant assigning pricing tier to user
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -213,15 +200,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_user(user_id, pricing_tier_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/pricing-tiers/#{pricing_tier_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                pricing_tier = JSON.parse(res.body)
-                PricingTier.new(pricing_tier['pricingTierId'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # Remove a pricing tier from a user
@@ -237,14 +216,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_user(user_id, pricing_tier_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/pricing-tiers/#{pricing_tier_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # List features for a pricing tier

data/lib/warrant/models/role.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class Role
+        OBJECT_TYPE = "role"
+
         include Warrant::WarrantObject
 
         attr_reader :role_id, :name, :description
@@ -186,7 +188,7 @@ module Warrant
         # @param user_id [String] The user_id of the user you want to assign a role to.
         # @param role_id [String] The role_id of the role you want to assign to a user.
         #
-        # @return [Role] assigned role
+        # @return [Warrant] warrant assigning role to user
         #
         # @raise [Warrant::DuplicateRecordError]
         # @raise [Warrant::InternalError]
@@ -195,15 +197,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_user(user_id, role_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                role = JSON.parse(res.body)
-                Role.new(role['roleId'], role['name'], role['description'])
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # Remove a role from a user
@@ -220,14 +214,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_user(user_id, role_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # List assigned permissions for the role

data/lib/warrant/models/session.rb

@@ -33,6 +33,7 @@ module Warrant
         # @param redirect_url [String] URL to redirect to once self-service session is created
         # @option params [String] :user_id Id of the user to create a session for.
         # @option params [String] :tenant_id Id of the tenant to create a session for
+        # @option params [String] :self_service_strategy Determines whether a self-service token can be used for managing user roles and permissions (`rbac`) or managing fine-grained user access to a particular object (`fgac`)
         # @option params [Integer] :ttl Number of seconds a session should live for. By default session tokens live for 24 hours and self service tokens live for 30 minutes.
         #
         # @return [String] URL to the self service dashboard

data/lib/warrant/models/tenant.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class Tenant
+        OBJECT_TYPE = "tenant"
+
         include Warrant::WarrantObject
 
         attr_reader :tenant_id, :name, :created_at

data/lib/warrant/models/user.rb

@@ -2,6 +2,8 @@
 
 module Warrant
     class User
+        OBJECT_TYPE = "user"
+
         include Warrant::WarrantObject
 
         attr_reader :user_id, :email, :created_at
@@ -358,16 +360,7 @@ module Warrant
         # @raise [Warrant::NotFoundError]
         # @raise [Warrant::UnauthorizedError]
         def self.assign_to_tenant(tenant_id, user_id)
-            res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/users/#{user_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                res_json = JSON.parse(res.body)
-                subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'], res_json['subject']['relation'])
-                Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject)
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.create({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # Remove a user from a tenant
@@ -382,14 +375,7 @@ module Warrant
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
         def self.remove_from_tenant(tenant_id, user_id)
-            res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}/users/#{user_id}"))
-
-            case res
-            when Net::HTTPSuccess
-                return
-            else
-                APIOperations.raise_error(res)
-            end
+            Warrant.delete({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
         end
 
         # List all tenants for a user

data/lib/warrant/models/warrant.rb

@@ -16,9 +16,9 @@ module Warrant
 
         # Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
         #
-        # @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
+        # @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
         # @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
-        # @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
+        # @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
         # @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be created for. (optional)
         #
         # @return [Warrant] created warrant
@@ -32,12 +32,12 @@ module Warrant
         # @raise [Warrant::WarrantError]
         def self.create(object, relation, subject, context = nil)
             params = {
-                object_type: object.warrant_object_type.to_s,
-                object_id: object.warrant_object_id.to_s,
+                object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
+                object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
                 relation: relation,
                 subject: {
-                    object_type: subject.warrant_object_type.to_s,
-                    object_id: subject.warrant_object_id.to_s
+                    object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
+                    object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
                 },
                 context: context
             }
@@ -55,9 +55,9 @@ module Warrant
 
         # Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
         #
-        # @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
+        # @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
         # @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
-        # @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
+        # @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
         # @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be deleted in. (optional)
         #
         # @return [nil] if delete was successful
@@ -69,12 +69,12 @@ module Warrant
         # @raise [Warrant::WarrantError]
         def self.delete(object, relation, subject, context = nil)
             params = {
-                object_type: object.warrant_object_type.to_s,
-                object_id: object.warrant_object_id.to_s,
+                object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
+                object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
                 relation: relation,
                 subject: {
-                    object_type: subject.warrant_object_type.to_s,
-                    object_id: subject.warrant_object_id.to_s
+                    object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
+                    object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
                 },
                 context: context
             }
@@ -88,29 +88,67 @@ module Warrant
             end
         end
 
-        # Query to find all warrants for a given subject.
+        # Query to find all warrants for a given object or subject.
         #
-        # @option params [String] :select Specifies the type of results to be returned by the query. Optionally, the `explicit` keyword can be provided (i.e. `explicit warrants`) to specify that only explicit results be returned. By default, both implicit and explicit results are returned.
-        # @option params [String] :for A list of conditions specifying which resources to query results for (i.e. "get all warrants **for role:admin**"). Only those warrants matching **all** of the conditions in the `for` clause are selected. If the `explicit` keyword is not specified in the `select` param, the resulting warrants are then expanded to determine if they imply other warrants (i.e. "the owner of a report is also an editor of that report"). Must be zero or more comma separated values in the format `object|relation|subject|context = val`. For object and subject filters, you can filter on all object ids by using the `*` character (i.e. `role:*`). (optional)
-        # @option params [String] :where A list of conditions to be applied to the result set before it is returned. If a where clause is provided, the query will only return results matching **all** conditions. Must be zero or more comma separated values in the format `object|relation|subject|context = val``. For object and subject filters, you can filter on all object ids by using the `*` character, i.e. `role:*`. (optional)
+        # @param warrant_query [WarrantQuery] Query to run for a set of warrants.
+        # @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
+        # @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
         #
-        # @return [Array<Warrant>] list of all warrants with provided params
+        # @return [Hash] Query result with `result` listing warrants returned and `meta` with metadata for the selected object types.
         #
         # @raise [Warrant::InternalError]
         # @raise [Warrant::InvalidParameterError]
         # @raise [Warrant::MissingRequiredParameterError]
         # @raise [Warrant::UnauthorizedError]
         # @raise [Warrant::WarrantError]
-        def self.query(params = {})
-            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/query"), params)
+        def self.query(warrant_query = WarrantQuery.new, filters = {})
+            res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/query"), { "q": warrant_query.to_query_param, **filters })
 
             case res
             when Net::HTTPSuccess
-                warrants = JSON.parse(res.body)
-                warrants.map{ |warrant|
+                query_result = JSON.parse(res.body)
+                query_result['result'] = query_result['result'].map{ |warrant|
                     subject = Subject.new(warrant['subject']['objectType'], warrant['subject']['objectId'], warrant['subject']['relation'])
                     Warrant.new(warrant['objectType'], warrant['objectId'], warrant['relation'], subject, warrant['context'], warrant['isImplicit'])
                 }
+
+                if query_result['meta']['feature']
+                    query_result['meta']['feature'].each{ |featureId, feature|
+                        query_result['meta']['feature'][featureId] = Feature.new(feature['featureId'])
+                    }
+                end
+
+                if query_result['meta']['pricing-tier']
+                    query_result['meta']['pricing-tier'].each{ |pricingTierId, pricingTier|
+                        query_result['meta']['pricing-tier'][pricingTierId] = PricingTier.new(pricingTier['pricingTierId'])
+                    }
+                end
+
+                if query_result['meta']['permission']
+                    query_result['meta']['permission'].each{ |permissionId, permission|
+                        query_result['meta']['permission'][permissionId] = Permission.new(permission['permissionId'], permission['name'], permission['description'])
+                    }
+                end
+
+                if query_result['meta']['role']
+                    query_result['meta']['role'].each{ |roleId, role|
+                        query_result['meta']['role'][roleId] = Role.new(role['roleId'], role['name'], role['description'])
+                    }
+                end
+
+                if query_result['meta']['user']
+                    query_result['meta']['user'].each{ |userId, user|
+                        query_result['meta']['user'][userId] = User.new(user['userId'], user['email'], user['createdAt'])
+                    }
+                end
+
+                if query_result['meta']['tenant']
+                    query_result['meta']['tenant'].each{ |tenantId, tenant|
+                        query_result['meta']['tenant'][tenantId] = Tenant.new(tenant['tenantId'], tenant['name'], tenant['createdAt'])
+                    }
+                end
+
+                query_result
             else
                 APIOperations.raise_error(res)
             end
@@ -306,11 +344,11 @@ module Warrant
         def self.user_has_permission?(params = {})
             return is_authorized?(
                 warrants: [{
-                    object_type: "permission",
+                    object_type: Permission::OBJECT_TYPE,
                     object_id: params[:permission_id],
                     relation: "member",
                     subject: {
-                        object_type: "user",
+                        object_type: User::OBJECT_TYPE,
                         object_id: params[:user_id]
                     },
                     context: params[:context]
@@ -339,7 +377,7 @@ module Warrant
         def self.has_feature?(params = {})
             return is_authorized?(
                 warrants: [{
-                    object_type: "feature",
+                    object_type: Feature::OBJECT_TYPE,
                     object_id: params[:feature_id],
                     relation: "member",
                     subject: {

data/lib/warrant/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Warrant
-  VERSION = "2.1.0"
+  VERSION = "3.0.0"
 end

data/lib/warrant/warrant_query.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Warrant
+    class WarrantQuery
+        attr_accessor :select_clause, :for_clause, :where_clause
+
+        def initialize
+            @select_clause = []
+            @for_clause = {}
+            @where_clause = {}
+        end
+
+        def select(*object_types)
+            @select_clause = object_types
+            self
+        end
+
+        def select_explicit(*object_types)
+            @select_clause = "explicit #{object_types}"
+            self
+        end
+
+        def for(for_filters)
+            @for_clause = @for_clause.merge(for_filters)
+            self
+        end
+
+        def where(where_filters)
+            @where_clause = @where_clause.merge(where_filters)
+            self
+        end
+
+        def to_query_param
+            if @select_clause.length == 0 || @for_clause.empty?
+                raise "Must have a select and for clause"
+            end
+
+            query = "SELECT #{@select_clause.join(",")} FOR #{filters_hash_to_string(@for_clause)}"
+            query += " WHERE #{filters_hash_to_string(@where_clause)}" unless @where_clause.empty?
+
+            query
+        end
+
+        private
+
+        def filters_hash_to_string(filters)
+            filter_string = ""
+
+            if filters[:object]
+                filter_string += "object=#{filters[:object]}"
+            elsif filters[:subject]
+                filter_string += "subject=#{filters[:subject]}"
+            end
+
+            if filters[:context]
+                context_values = []
+                filters[:context].each{ |k, v|
+                    context_values.push("#{k}=#{v}")
+                }
+
+                filter_string += " AND context=[#{context_values.join(" ")}]"
+            end
+
+            filter_string
+        end
+    end
+end

data/lib/warrant.rb

@@ -7,6 +7,7 @@ require "json"
 require "forwardable"
 
 require "warrant/warrant_object"
+require "warrant/warrant_query"
 
 require "warrant/api_operations"
 require "warrant/errors"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warrant
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Warrant
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-06 00:00:00.000000000 Z
+date: 2023-03-15 00:00:00.000000000 Z
 dependencies: []
 description: Ruby library for the Warrant API at https://warrant.dev.
 email: hello@warrant.dev
@@ -41,6 +41,7 @@ files:
 - lib/warrant/version.rb
 - lib/warrant/warrant_configuration.rb
 - lib/warrant/warrant_object.rb
+- lib/warrant/warrant_query.rb
 homepage: https://github.com/warrant-dev/warrant-ruby
 licenses:
 - MIT
@@ -49,7 +50,7 @@ metadata:
   source_code_uri: https://github.com/warrant-dev/warrant-ruby
   changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
   documentation_uri: https://docs.warrant.dev/
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -64,8 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Warrant Ruby Library
 test_files: []