Hello, I have an issue using the

traverse

function in my Keto OPL files. Here are the permissions:

export class User implements Namespace {}

export class UserList implements Namespace {
	related: {
		members: User[]
		community: Community[]
	}

	permits = {
		view: (ctx: Context): boolean => this.related.community.traverse((c) => c.permits.view(ctx)),
		add_member: (ctx: Context): boolean =>
			this.related.community.traverse((c) => c.related.user_list_managers.includes(ctx.subject)),
		remove_member: (ctx: Context): boolean =>
			this.related.community.traverse((c) => c.related.user_list_managers.includes(ctx.subject)),
	}
}

export class Community implements Namespace {
	related: {
		members: (User | SubjectSet<UserList, "members">)[]
		user_list_managers: (User | SubjectSet<UserList, "members">)[]
	}

	permits = {
		view: (ctx: Context): boolean => this.related.members.includes(ctx.subject),
		create_user_list: (ctx: Context): boolean => this.related.user_list_managers.includes(ctx.subject),
	}
}

My issue is that when using the Ory Network I can make it work and get allowed when intended (checking

add_member

for example) But when I use the self hosted version of Keto and I create exactly the same relations using the API I get “denied” instead of allowed. What am I doing wrong ? Is there an issue with how I use traverse ? Or maybe with how I create relations ? I put my Ory Network relations and my database relations in thread for comparison.

message has been deleted