enhancement: Promote batch API to top level (#190)

Moves the batch API REST endpoint from `/api/x/check_resource_batch` to
`/api/check_resource_batch`

docs/modules/api/pages/index.adoc

@@ -18,6 +18,8 @@ Alternatively, you can explore the API using the following methods as well:
 
 == Request and response formats
 
+=== `CheckResourceSet` (`/api/check`)
+
 .Request
 [source,json,linenums]
 ----
@@ -99,7 +101,99 @@ Alternatively, you can explore the API using the following methods as well:
 <5> The policy that matched to make the decision for the given action.
 <6> Derived roles that were activated.
 
+=== `CheckResourceBatch` (`/api/check_resource_batch`)
+
+Unlike `CheckResourceSet` -- which checks access to resource instances of the _same_ kind, `CheckResourceBatch` allows checking access to multiple heterogeneous resource instances.  
+
+.Request
+[source,json,linenums]
+----
+{
+  "requestId": "test",
+  "principal": {
+    "id": "donald_duck",
+    "policyVersion": "20210210",
+    "roles": [
+      "employee"
+    ],
+    "attr": {
+      "department": "marketing",
+      "geography": "GB",
+      "team": "design"
+    }
+  },
+  "resources": [
+    {
+      "actions": [
+        "view:public",
+        "approve",
+        "create"
+      ],
+      "resource": {
+        "kind": "leave_request",
+        "policyVersion": "20210210",
+        "id": "XX125",
+        "attr": {
+          "department": "marketing",
+          "geography": "GB",
+          "id": "XX125",
+          "owner": "john",
+          "team": "design"
+        }
+      }
+    },
+    {
+      "actions": [
+        "view:public",
+        "approve",
+        "create"
+      ],
+      "resource": {
+        "kind": "leave_request",
+        "policyVersion": "20210210",
+        "id": "XX150",
+        "attr": {
+          "department": "marketing",
+          "geography": "GB",
+          "id": "XX125",
+          "owner": "mary",
+          "team": "design"
+        }
+      }
+    }
+  ]
+}
+----
+
+
+.Response
+[source,json,linenums]
+----
+{
+  "requestId":  "test",
+  "results":  [
+    {
+      "resourceId":  "XX125",
+      "actions":  {
+        "approve":  "EFFECT_DENY",
+        "create":  "EFFECT_DENY",
+        "view:public":  "EFFECT_ALLOW"
+      }
+    },
+    {
+      "resourceId":  "XX150",
+      "actions":  {
+        "approve":  "EFFECT_DENY",
+        "create":  "EFFECT_DENY",
+        "view:public":  "EFFECT_ALLOW"
+      }
+    }
+  ]
+}
+----
+
 
+== Accessing the API
 
 === Using curl to access the REST API
 

hack/dev/dev.mk

@@ -96,7 +96,7 @@ check-http:
 		$(wildcard $(DEV_DIR)/requests/check_resource_batch/*.json),\
 		echo "";\
 		echo $(REQ_FILE); \
-		curl -k https://localhost:$(HTTP_PORT)/api/x/check_resource_batch?pretty -d @$(REQ_FILE);\
+		curl -k https://localhost:$(HTTP_PORT)/api/check_resource_batch?pretty -d @$(REQ_FILE);\
 		echo "";)
 
 	@ $(foreach REQ_FILE,\
@@ -126,7 +126,7 @@ check-http-insecure:
 		$(wildcard $(DEV_DIR)/requests/check_resource_batch/*.json),\
 		echo "";\
 		echo $(REQ_FILE); \
-		curl http://localhost:$(HTTP_PORT)/api/x/check_resource_batch?pretty -d @$(REQ_FILE);\
+		curl http://localhost:$(HTTP_PORT)/api/check_resource_batch?pretty -d @$(REQ_FILE);\
 		echo "";)
 
 	@ $(foreach REQ_FILE,\

internal/server/server_test.go

@@ -325,7 +325,7 @@ func executeHTTPTestCase(c *http.Client, hostAddr string, creds *authCreds, tc *
 			want = call.CheckResourceSet.WantResponse
 			have = &responsev1.CheckResourceSetResponse{}
 		case *cerbosdevv1.ServerTestCase_CheckResourceBatch:
-			addr = fmt.Sprintf("%s/api/x/check_resource_batch", hostAddr)
+			addr = fmt.Sprintf("%s/api/check_resource_batch", hostAddr)
 			input = call.CheckResourceBatch.Input
 			want = call.CheckResourceBatch.WantResponse
 			have = &responsev1.CheckResourceBatchResponse{}