feat: add POST method support for single permission checks#31
Merged
zeevmoney merged 10 commits intopermitio:mainfrom Feb 8, 2026
Merged
feat: add POST method support for single permission checks#31zeevmoney merged 10 commits intopermitio:mainfrom
zeevmoney merged 10 commits intopermitio:mainfrom
Conversation
Add optional method parameter to loadLocalState and addKeyToState functions, defaulting to GET for backward compatibility. When POST is used, userAttributes and resourceAttributes are sent in the request body, enabling ABAC support for single permission checks (consistent with loadLocalStateBulk behavior).
Add optional method parameter to loadLocalState and addKeyToState
functions, defaulting to GET for backward compatibility. When POST
is used, userAttributes and resourceAttributes are sent in the
request body, enabling ABAC support for single permission checks
(consistent with loadLocalStateBulk behavior).
zeevmoney
requested changes
Jan 12, 2026
Contributor
zeevmoney
left a comment
zeevmoney
left a comment
There was a problem hiding this comment.
Thank you for the contribution. Please see the comments and add tests.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds POST method support for single permission checks to enable ABAC (Attribute-Based Access Control) by allowing userAttributes and resourceAttributes to be sent in the request body, consistent with the existing loadLocalStateBulk behavior.
Changes:
- Added optional
method: 'GET' | 'POST'parameter toloadLocalStateandaddKeyToStatefunctions with GET as default - Modified
getPermissionFromBEto handle POST requests with attributes in the request body - Made
userAttributesoptional in theaddKeyToStateinterface signature
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add HttpMethod type for permission check requests - Update loadLocalState and addKeyToState to accept optional method parameter - When POST is used, userAttributes and resourceAttributes are sent in request body - Refactor POST error handling to use try/catch - Add tests for POST method functionality
feat: add POST method support for single permission checks
- Added permit.reset() calls in multiple test cases to ensure a clean state before loading local permissions. - This change improves test reliability by preventing state carryover between tests.
test: reset permit state before loading local state in POST method tests
zeevmoney
requested changes
Jan 13, 2026
Contributor
zeevmoney
left a comment
zeevmoney
left a comment
There was a problem hiding this comment.
Still needs some work, see comments
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…eyToState and getPermissionFromBE - Updated addKeyToState and getPermissionFromBE functions to accept optional userAttributes and resourceAttributes parameters. - Default values are now set for userAttributes and resourceAttributes to improve flexibility in permission checks. - Adjusted related tests to reflect these changes, ensuring compatibility with the new optional parameters.
refactor: make userAttributes and resourceAttributes optional in addK…
zeevmoney
requested changes
Jan 15, 2026
Contributor
zeevmoney
left a comment
zeevmoney
left a comment
There was a problem hiding this comment.
Please fix the API breaking changes.
This API is very old and will be replaced soon, so for now we must maintain the structure.
zeevmoney
requested changes
Jan 15, 2026
- Introduced userAttributes as an optional parameter in the Permit interface and related functions to enhance flexibility in permission checks. - Updated the implementation to utilize finalUserAttributes for permission requests. - Modified tests to accommodate changes in the addKeyToState function, ensuring compatibility with the new userAttributes structure.
feat: add userAttributes support in Permit and update tests
Contributor
Author
|
@zeevmoney I have resolved the comment. Please let me know if any other changes are required. |
zeevmoney
approved these changes
Feb 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add optional
method: 'GET' | 'POST'parameter toloadLocalStateandaddKeyToStatefunctions, defaulting to GET for backward compatibility.When POST is used,
userAttributesandresourceAttributesare sent inthe request body, enabling ABAC support for single permission checks
(consistent with
loadLocalStateBulkbehavior)