# talk-keto
c
Team, We're working on a POC with Keto. In that there is a definition of permission language that we came up with something like this,
```typescript
class StorageObject implements Namespace {
  related: {
    viewers: User[]
    editors: User[]
    owners: User[]
  }
  permits = {
    read: (ctx: Context): boolean =>
      this.related.viewers.includes(ctx.subject) ||
      this.related.editors.includes(ctx.subject) ||
      this.related.owners.includes(ctx.subject)
  }
}
```
Instead of mentioning `owner`, `editor` and `viewer` in all the applicable permissions, is there a way that I can say, `everything that the viewer has access, the owner has access too`?
s
you can use e.g. an `isMember` helper permission:
```typescript
class StorageObject implements Namespace {
  related: {
    viewers: User[]
    editors: User[]
    owners: User[]
  }
  permits = {
    isMember: (ctx: Context): boolean =>
      this.related.viewers.includes(ctx.subject) ||
      this.related.editors.includes(ctx.subject) ||
      this.related.owners.includes(ctx.subject),
    read: (ctx: Context): boolean =>
      this.permits.isMember(ctx)
  }
}
```
you should think in object-oriented terms here really, so not role or subject focused
c
Thanks a lot Patrick, that helps! Could you please elaborate on what you specifically mean by "think in object-oriented terms" in this context?
s
focus on the object, so "who can do what with this thing" instead of "what can this role do"
just as a way of thinking when working on the model