https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> explain what this means: related: {...
# ory-copilot
w
@chilly-king-10285 explain what this means: related: { parents: Supportal[] viewers: (Identity | SubjectSet<Supportal, "viewers">)[] editors: (Identity | SubjectSet<Supportal, "editors">)[] }
c
A message from kapa.ai
The 
related
section in the given code snippet defines relations between objects and subjects in the Ory Permission Language (OPL). It is a part of a class that implements a 
Namespace
. Here's a breakdown of the relations: 1. `parents: Supportal[]`: This relation indicates that the object has a relationship with multiple 
Supportal
objects as its parents. The 
Supportal[]
denotes an array of 
Supportal
objects. 2. `viewers: (Identity | SubjectSet<Supportal, "viewers">)[]`: This relation represents the viewers of the object. The viewers can be either an 
Identity
object or a 
SubjectSet
with 
Supportal
objects and the relation "viewers". The 
|
symbol denotes a type union, meaning the subject of the "viewer" relation can be either an 
Identity
or a 
SubjectSet
. The 
[]
denotes an array of these subjects. 3. `editors: (Identity | SubjectSet<Supportal, "editors">)[]`: Similar to the viewers relation, this relation represents the editors of the object. The editors can be either an 
Identity
object or a 
SubjectSet
with 
Supportal
objects and the relation "editors". The 
[]
denotes an array of these subjects. For more information on relations and the Ory Permission Language, refer to the [Ory Permission Language specification](https://www.ory.sh/docs/keto/reference/ory-permission-language).
w
.
@chilly-king-10285 I want to have two relations in bizops - editors and viewers. Is this following code correct? [ { "namespace": "Supportal", "object": "bizops", "relation": "editors", "subject_set": { "namespace": "Identity", "object": "luka" } }, { "namespace": "Supportal", "object": "bizops", "relation": "viewers", "subject_set": { "namespace": "Identity", "object": "david" } }, { "namespace": "Bizops", "object": "task", "relation": "viewers", "subject_set": { "namespace": "Supportal", "object": "bizops", "relation": "viewers" } }, { "namespace": "Bizops", "object": "task", "relation": "editors", "subject_set": { "namespace": "Supportal", "object": "bizops", "relation": "editors" } } ]
c
A message from kapa.ai
Yes, the code you provided seems to correctly define two relations, 
editors
and 
viewers
, for the 
bizops
object in the 
Supportal
namespace. Here's a breakdown of the relationships: 1. Luka is an editor of the 
bizops
object in the 
Supportal
namespace. 2. David is a viewer of the 
bizops
object in the 
Supportal
namespace. 3. The viewers of the 
bizops
object in the 
Supportal
namespace are also viewers of the 
task
object in the 
Bizops
namespace. 4. The editors of the 
bizops
object in the 
Supportal
namespace are also editors of the 
task
object in the 
Bizops
namespace. For more information on creating relationships in Ory, refer to the [Creating relationships](https://www.ory.sh/docs/guides/permissions/overview#creating-relationships) section in the Ory documentation.
w
@chilly-king-10285 Is this permission rule correct for above example?
Copy code
import { Namespace, SubjectSet, Context } from "@ory/permission-namespace-types"

class Identity implements Namespace { }

class Supportal implements Namespace {
  related: {
    editors: (Identity | Supportal)[]
    viewers: (Identity | Supportal)[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.viewers.includes(ctx.subject),

    edit: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject)
  }
}

class Bizops implements Namespace {
  related: {
    parents: Supportal[]
    editors: (Identity | SubjectSet<Supportal, "editors">)[]
    viewers: (Identity | SubjectSet<Supportal, "viewers">)[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.viewers.includes(ctx.subject) ||
      this.related.parents.traverse((p) => p.permits.edit(ctx)) ||
      this.related.parents.traverse((p) => p.permits.view(ctx)),

    edit: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.viewers.includes(ctx.subject) ||
      this.related.parents.traverse((p) => p.permits.edit(ctx)),
  }
}
c
A message from kapa.ai
Yes, the permission rule you provided seems to be correct for the example you mentioned earlier. It defines the 
Identity
, 
Supportal
, and 
Bizops
namespaces and their respective relations and permissions. Here's a breakdown of the permissions: 1. 
Supportal
namespace: - 
view
permission: A subject can view if they are in the 
editors
or 
viewers
relation. - 
edit
permission: A subject can edit if they are in the 
editors
relation. 2. 
Bizops
namespace: - 
view
permission: A subject can view if they are in the 
editors
or 
viewers
relation, or if they have 
edit
or 
view
permission in the related 
Supportal
namespace (parents). - 
edit
permission: A subject can edit if they are in the 
editors
relation, or if they have 
edit
permission in the related 
Supportal
namespace (parents).
Copy code
javascript import { Namespace, SubjectSet, Context } from "@ory/permission-namespace-types"  class Identity implements Namespace { }  class Supportal implements Namespace {   related: {     editors: (Identity | Supportal)[]     viewers: (Identity | Supportal)[]   }    permits = {     view: (ctx: Context): boolean =>       this.related.editors.includes(ctx.subject) ||       this.related.viewers.includes(ctx.subject),      edit: (ctx: Context): boolean =>       this.related.editors.includes(ctx.subject)   } }  class Bizops implements Namespace {   related: {     parents: Supportal[]     editors: (Identity | SubjectSet<Supportal, "editors">)[]     viewers: (Identity | SubjectSet<Supportal, "viewers">)[]   }    permits = {     view: (ctx: Context): boolean =>       this.related.editors.includes(ctx.subject) ||       this.related.viewers.includes(ctx.subject) ||       this.related.parents.traverse((p) => p.permits.edit(ctx)) ||       this.related.parents.traverse((p) => p.permits.view(ctx)),      edit: (ctx: Context): boolean =>       this.related.editors.includes(ctx.subject) ||       this.related.viewers.includes(ctx.subject) ||       this.related.parents.traverse((p) => p.permits.edit(ctx)),   } }
For more information on creating permission rules, refer to the [Create a permission model](https://www.ory.sh/docs/keto/modeling/create-permission-model) guide.
w
@chilly-king-10285 Is here any issue? import { Namespace, SubjectSet, Context } from "@ory/permission-namespace-types" class Identity implements Namespace { } class Supportal implements Namespace { related: { editors: (Identity | Supportal)[] viewers: (Identity | Supportal)[] } permits = { view: (_ctx_: Context): boolean => this.related.editors.includes(ctx.subject) || this.related.viewers.includes(ctx.subject), edit: (_ctx_: Context): boolean => this.related.editors.includes(ctx.subject) } } class Bizops implements Namespace { related: { parents: Supportal[] editors: (Identity | SubjectSet<Supportal, "editors" | "viewers">)[] viewers: (Identity | SubjectSet<Supportal, "viewers">)[] } permits = { view: (_ctx_: Context): boolean => this.related.editors.includes(ctx.subject) || this.related.viewers.includes(ctx.subject) || this.related.parents.traverse((p) => p.permits.edit(ctx)) || this.related.parents.traverse((p) => p.permits.view(ctx)), edit: (_ctx_: Context): boolean => this.related.editors.includes(ctx.subject) || this.related.viewers.includes(ctx.subject) || this.related.parents.traverse((p) => p.permits.edit(ctx)), } }
c
A message from kapa.ai
New message text here
w
@chilly-king-10285 How is it possible to retrieve all objects and permissions on it, which is available for specific Identity? I'm running this gRPC command, is it correct? Query: &rts.ListRelationTuplesRequest_Query{ Namespace: "Supportal", Subject: rts.NewSubjectSet("Identity", "david", ""), },
c
A message from kapa.ai
New message text here
m
Hello @wide-machine-60917 It can probably not help you with that because we do not have much docs on the Ory Keto SDK. There is something here https://www.ory.sh/docs/keto/sdk/go but we would need more examples for the bot to be able to answer this. If you want you can create an issue in github.com/ory/docs with some information what SDK example for Keto would interesting to you.
👀 1
124 Views
Open in Slack
PreviousNext
Powered by