devrev
diff --git a/‎.cursorrules
Lines changed: 174 additions & 0 deletions b/‎.cursorrules
Lines changed: 174 additions & 0 deletions
diff --git a/‎fern/docs/pages/airdrop/data-model/mapping-reasons.mdx
Lines changed: 2 additions & 2 deletions b/‎fern/docs/pages/airdrop/data-model/mapping-reasons.mdx
Lines changed: 2 additions & 2 deletions
diff --git a/‎fern/docs/pages/airdrop/data-model/permissions.mdx
Lines changed: 175 additions & 12 deletions b/‎fern/docs/pages/airdrop/data-model/permissions.mdx
Lines changed: 175 additions & 12 deletions
@@ -0,0 +1,174 @@
+You are the world's best documentation writer, renowned for your clarity, precision, and engaging style. Every piece of documentation you produce is:
+
+1. Clear and precise - no ambiguity, jargon, marketing language or unnecessarily complex language.
+2. Concise—short, direct sentences and paragraphs.
+3. Scientifically structured—organized like a research paper or technical white paper, with a logical flow and strict attention to detail.
+4. Visually engaging—using line breaks, headings, and (rarely) components to enhance readability.
+5. Focused on user success — no marketing language or fluff; just the necessary information.
+
+# Writing guidelines
+
+- Titles must always start with an uppercase letter, followed by lowercase letters unless it is a name. Examples: Getting started, Text to speech, Conversational AI...
+- No emojis or icons unless absolutely necessary.
+- Scientific research tone—professional, factual, and straightforward.
+- Avoid long text blocks. Use short paragraphs and line breaks.
+- Do not use marketing/promotional language.
+- Be concise, direct, and avoid wordiness.
+- Ensure there are well-designed links (if applicable) to take the technical or non-technical reader to the relevant page.
+
+# Page structure
+
+## Components
+
+Use the following components if possible, don't overuse them.
+
+### Accordions
+
+````
+<AccordionGroup>
+  <Accordion title="Option 1">
+    You can put other components inside Accordions.
+    ```ts
+    export function generateRandomNumber() {
+      return Math.random();
+    }
+    ```
+  </Accordion>
+  <Accordion title="Option 2">
+    This is a second option.
+  </Accordion>
+
+  <Accordion title="Option 3">
+    This is a third option.
+  </Accordion>
+</AccordionGroup>
+````
+
+### Callouts (Tips, Notes, Warnings, etc.)
+
+```
+<Tip title="Example Callout" icon="leaf">
+This Callout uses a title and a custom icon.
+</Tip>
+<Note>This adds a note in the content</Note>
+<Warning>This raises a warning to watch out for</Warning>
+<Error>This indicates a potential error</Error>
+<Info>This draws attention to important information</Info>
+<Tip>This suggests a helpful tip</Tip>
+<Check>This brings us a checked status</Check>
+```
+
+### Cards & Card Groups
+
+```
+<Card
+    title='Python'
+    icon='brands python'
+    href='https://github.com/fern-api/fern/tree/main/generators/python'
+>
+View Fern's Python SDK generator.
+</Card>
+<CardGroup cols={2}>
+  <Card title="First Card" icon="circle-1">
+    This is the first card.
+  </Card>
+  <Card title="Second Card" icon="circle-2">
+    This is the second card.
+  </Card>
+  <Card title="Third Card" icon="circle-3">
+    This is the third card.
+  </Card>
+  <Card title="Fourth Card" icon="circle-4">
+    This is the fourth and final card.
+  </Card>
+</CardGroup>
+```
+
+### Code snippets
+
+- Always use the focus attribute to highlight the code you want to highlight.
+- `maxLines` is optional if it's long.
+- `wordWrap` is optional if the full text should wrap and be visible.
+
+```javascript focus={2-4} maxLines=10 wordWrap
+console.log('Line 1');
+console.log('Line 2');
+console.log('Line 3');
+console.log('Line 4');
+console.log('Line 5');
+```
+
+### Code blocks
+
+- Use code blocks for groups of code, especially if there are multiple languages or if it's a code example. Always start with Python as the default.
+
+````
+<CodeBlocks>
+```javascript title="helloWorld.js"
+console.log("Hello World");
+````
+
+```python title="hello_world.py"
+print('Hello World!')
+```
+
+```java title="HelloWorld.java"
+    class HelloWorld {
+        public static void main(String[] args) {
+            System.out.println("Hello, World!");
+        }
+    }
+```
+
+</CodeBlocks>
+```
+
+### Steps (for step-by-step guides)
+
+```
+<Steps>
+  ### First Step
+    Initial instructions.
+
+  ### Second Step
+    More instructions.
+
+  ### Third Step
+    Final Instructions
+</Steps>
+
+```
+
+### Frames
+
+- You must wrap every single image in a frame.
+- Every frame must have `background="subtle"`
+- Use captions only if the image is not self-explanatory.
+- Use ![alt-title](image-url) as opposed to HTML `<img>` tags unless styling.
+
+```
+  <Frame
+    caption="Beautiful mountains"
+    background="subtle"
+  >
+      <img src="https://images.pexels.com/photos/1867601.jpeg" alt="Sample photo of mountains" />
+  </Frame>
+
+```
+
+### Tabs (split up content into different sections)
+
+```
+<Tabs>
+  <Tab title="First Tab">
+    ☝️ Welcome to the content that you can only see inside the first Tab.
+  </Tab>
+  <Tab title="Second Tab">
+    ✌️ Here's content that's only inside the second Tab.
+  </Tab>
+  <Tab title="Third Tab">
+    💪 Here's content that's only inside the third Tab.
+  </Tab>
+</Tabs>
+
+```
@@ -1,9 +1,9 @@
 Airdrop uses transformation methods to map data from one data model to another. 
-These methods operate at the individual field level, meaning they transform data field-by-field rather than transforming entire records at once. 
+These methods operate at the individual field level, transforming data field-by-field rather than entire records at once. 
 Each transformation method has specific requirements regarding the field types and data formats it can work with. 
 If the source data field does not meet these requirements for a particular transformation method, that mapping option is not available for selection during the mapping configuration process.
 
-There are several reasons why some mappings might be unavailable.
+There are several reasons why some mappings might be unavailable:
 
 1. A common reason is mismatch of types. For example, if a DevRev field is expected to be `rich_text`, 
 but the field is set as `text` mapping to some fields is unavailable. 
 
@@ -1,22 +1,185 @@
 DevRev uses the concept of permissions to control access to records. 
 Permissions are associated with users or groups and define the level of access they have to leaf types and their fields.
+You can read more about permissions in the [access control documentation](https://devrev.ai/docs/product/access-control).
 
-## Article permissions
+## Groups
+
+To make groups available in the DevRev platform, Airdrop expects two objects:
+
+1. An object containing descriptions of groups available in the external system.
+  - Maps to the `group` object in DevRev.
+2. An object containing a mapping between groups and users in the external system.
+  - Maps to the `object_member` object in DevRev.
 
-{/* TODO: more on article permissions */}
-Articles can be shared with users or groups. 
+### Group memberships
+
+An object containing the mapping between groups and users in the external system is required to represent group memberships in DevRev.
+
+- This object maps to the `object_member` object in DevRev.
+- It should contain a field that references a group. 
+This field should be mapped to `object_id` field of the `object_member` object.
+- It should also contain a collection field that references the users belonging to that group. 
+This field should be mapped to the `add_member_ids` field.
+- If the external system supports event-based updates for group membership changes, the `object_member` object should include an additional collection field.
+This field identifies users to be removed from the group and should be mapped to the `remove_member_ids` field.
 
-The `shared_with` field allows to specify the permission level for each user or group using the `permission` type. 
-The `permission` type is a special structure associating a reference to an user-like record type (the field `member_id`)
-with an `enum` value that provides the user with the role or permission level.
 ## Platform groups
 
-Platform groups are groups automatically created by the DevRev platform for every organization. 
-For example, DevRev provides *Dev users* and *Rev users* groups that contain all the Dev and Rev users respectively.
+Platform groups are automatically created by the DevRev platform for every organization. 
+For example, DevRev provides *Dev users* and *Rev users* groups that contain all Dev and Rev users respectively.
+
+Developers and end-users can map external default groups to platform groups. 
+This functionality allows flexible integration with DevRev's permission system while enabling re-mapping by the end user.
+
+To implement this mapping:
+1. Define a new object in external domain metadata with one enum field containing possible values of default groups available in the external system. 
+2. During initial domain mapping, map this object to the *platform groups* object in DevRev.
+3. Reference your object in other fields, such as in the `shared_with` field of articles.
+
+## Shared with field
+
+The `shared_with` field enables you to define permissions for articles (and other objects in the future). 
+It specifies both who can access the content and what permission level they have. 
+This field utilizes the `permission` type to associate users or groups with their designated roles.
+
+### Structure
+
+Each entry in the `shared_with` collection contains two key components:
+
+- `member_id`: Identifies which user or group is being granted access.
+- `role`: Specifies the permission level (for example, "viewer", "editor", "owner"). DevRev offers a set of predefined roles.
+
+### Member types
+
+The `member_id` field can reference three different types of objects:
+- Individual users (`#record:users`)
+- Standard groups (`#record:groups`)
+- Platform groups (`#record:platform_groups`)
+
+### External metadata example
+
+```json
+{
+  "shared_with": {
+    "type": "permission",
+    "collection": {},
+    "permission": {
+      "role": {
+        "values": [
+          {
+            "key": "owner",
+            "name": "Owner"
+          },
+          {
+            "key": "editor",
+            "name": "Editor"
+          },
+          {
+            "key": "viewer",
+            "name": "Viewer"
+          }
+        ]
+      },
+      "member_id": {
+        "refers_to": {
+          "#record:users": {},
+          "#record:groups": {},
+          "#record:platform_groups": {}
+        }
+      }
+    }
+  }
+}
+```
+
+## Article permissions
+
+Articles in DevRev can be shared with individual users or groups, allowing for granular control over who can access what content.
+
+### Sharing mechanism
+
+The `shared_with` field specifies the permission level for each user or group using the `permission` type.
+This type is a structure that connects a reference to a user-like record type (the `member_id` field)
+with an `enum` value that defines the user's role or permission level.
+
+### Scope interaction
+
+<Tabs>
+<Tab title="Internal scope">
+
+For `scope=internal` articles:
+- By default, only the owner has access.
+- Additional access is granted exclusively through the `shared_with` field.
+</Tab>
+
+<Tab title="External scope">
+
+For `scope=external` articles, the expected behavior is that they are published to Portal/PLuG and shared with customers.
+
+- By default:
+  - Admins have CRUD (create, read, update, delete) rights.
+  - Platform users have CRU (create, read, update) rights.
+- Additional rights can be assigned by creating roles and assigning them to the entire organization or specific groups.
+- Articles can be shared with customers and published to Portal/PLuG.
+</Tab>
+</Tabs>
+
+---
+
+## Authorization policy
+
+The *Authorization policy* object translates permission structures from an external system into DevRev's access control model. 
+It enables the import of external roles and their associated permissions, automatically creating corresponding roles, role sets, and access control entries (ACEs) within DevRev. 
+This allows defining CRUD (Create, Read, Update, Delete) permissions for specific record types, applying them to users and groups.
+
+<Info>
+Only 1-way sync (from the external system to DevRev) is supported for authorization policy.
+</Info>
+
+### Object fields
+
+The Authorization policy object supports the following fields:
+
+- `groups` (optional): A list of group identifiers from the external system to which this policy applies.
+- `users` (optional): A list of user identifiers from the external system to which this policy applies.
+- `targets`: Defines the DevRev record types the permissions apply to. It uses the `type_key` type. The format differs between metadata definition and runtime import.
+- `privileges`: Specifies the permissions granted by the policy. These should be normalized to CRUD operations.
+
+### External domain metadata
+
+To define the `targets` field in the external domain metadata use the `type_key` type to specify a list of strings representing the record types or record type categories the policy applies to.
+- Use the prefix `#record:` for specific record types (for example, `#record:document`).
+- Use the prefix `#category:` for record type categories (for example, `#category:users`).
+
+Example:
+```json
+["#record:document", "#category:users"]
+```
+
+To define the `privileges` field in the external domain metadata, specify an `enum` field representing the distinct permission levels available in the external system. 
+Normalize these external permissions to their closest CRUD equivalents (create, read, update, delete).
+
+During initial domain mapping, you map these enum values to DevRev's standard CRUD permissions. End users can later customize this mapping if needed.
+
+<Warning>
+Authorization policies should always represent the current state of the external system. In each sync run, the entire policy should be recreated or not provided at all.
+
+The object must be marked as `is_snapshot` to indicate it represents the current state of the external system.
+</Warning>
+
+### Runtime import
+
+The `targets` field is an array of strings containing the actual DevRev record type names. 
+If a category was specified in the metadata (for example, `#category:users`), it should be expanded into the list of all record types belonging to that category at runtime.
 
-We allow developers to map their external default groups to platform groups. 
-This functionality allows for flexible integration with the platform's permission system while allowing for re-mapping by the end user.
+For example, if the `#category:users` includes "executives" and "developers", the runtime targets field should be:
+```json
+["document", "executives", "developers"]
+```
 
-To implement this mapping, developers need to define a new object in external metadata with one enum field containing the possible values of default groups available in the external system. During the initial domain mapping, developers can map this object to the *platform groups* object in DevRev. The platform groups object can then be referenced in other objects, such as in the `shared_with` field of articles.
+The `privileges` field is an array of strings representing the specific CRUD permissions granted by the policy, based on the mapping defined during domain setup (or as re-mapped by the user).
 
-{/* ### Authorization policy */}
+For example, if the external role granted read and update access, the runtime privileges field should be:
+```json
+["read", "update"]
+```