bulky-hamburger-2500
01/05/2024, 5:46 AM
// Namespace for individual users. It declares one relation and no
// permissions, so nothing is granted on a User object by this class alone.
class User implements Namespace {
  related: {
    // Subjects of the `manager` relation must themselves be User objects.
    manager: User[]
  }
}
// Namespace for groups. It declares membership only; no permissions are
// defined on a Group itself.
class Group implements Namespace {
  related: {
    // A member is either a User or another Group, so groups can be nested.
    // Other namespaces refer to this relation as SubjectSet<Group, "members">.
    members: (User | Group)[]
  }
}
// Namespace for folders: two relations and a single `view` permission.
class Folder implements Namespace {
  related: {
    // Parents of a folder are declared as File objects.
    parents: File[]
    // Viewers are declared only as the subject set Group#members. Plain
    // User subjects are not part of this type, and a tuple that stores a
    // bare subject ID here does not match the declaration.
    // NOTE(review): presumably a tuple on this relation has to reference
    // the Group object together with its "members" relation for group
    // members to be resolved. Confirm against the Ory documentation.
    viewers: SubjectSet<Group, "members">[]
  }
  permits = {
    // `view` holds when ctx.subject is found in this folder's `viewers`
    // relation. The permission `view` and the relation `viewers` are
    // different names; this rule is attached to `view` only.
    view: (ctx: Context): boolean => this.related.viewers.includes(ctx.subject),
  }
}
// Namespace for files: four relations and three permissions
// (`view`, `edit`, `rename`).
class File implements Namespace {
  related: {
    // A file's parent is either another File or a Folder.
    parents: (File | Folder)[]
    // Direct viewers: a User, or the subject set Group#members.
    viewers: (User | SubjectSet<Group, "members">)[]
    // Owners accept the same subject types as viewers.
    owners: (User | SubjectSet<Group, "members">)[]
    // Sibling files; within this class only `rename` reads this relation.
    siblings: File[]
  }
  permits = {
    // `view` is the OR of four checks:
    //   1. ctx.subject is in the `viewers` relation of a parent,
    //   2. a parent's own `view` permission holds for ctx,
    //   3. ctx.subject is in this file's `viewers` relation,
    //   4. ctx.subject is in this file's `owners` relation.
    // Access inherited from a parent (1 and 2) exists only in this rule.
    // The `viewers` relation on its own lists direct viewers and carries
    // none of the inherited paths.
    // NOTE(review): a check that names the relation `viewers` instead of
    // the permission `view` presumably skips this rule. Also, `traverse`
    // presumably succeeds when the callback holds for at least one related
    // object. Confirm both in the Ory documentation.
    view: (ctx: Context): boolean =>
      this.related.parents.traverse((p) => p.related.viewers.includes(ctx.subject)) ||
      this.related.parents.traverse((p) => p.permits.view(ctx)) ||
      this.related.viewers.includes(ctx.subject) ||
      this.related.owners.includes(ctx.subject),
    // `edit` requires ctx.subject to be in `owners`; being a viewer is not
    // sufficient.
    edit: (ctx: Context) => this.related.owners.includes(ctx.subject),
    // `rename` is decided by the `edit` permission of the files in
    // `siblings`; this file's own `owners` relation is not consulted here.
    rename: (ctx: Context) => this.related.siblings.traverse((s) => s.permits.edit(ctx)),
  }
}
I took this directly from the Ory example. As I understand it, with this configuration a subject that can view a File can be either a User or a member of a Group namespace. I queried the relationships and got this:
{
"relation_tuples": [
{
"namespace": "Folder",
"object": "AMC",
"relation": "viewers",
"subject_id": "group1"
},
{
"namespace": "Group",
"object": "group1",
"relation": "members",
"subject_id": "test1"
},
{
"namespace": "File",
"object": "file1",
"relation": "parents",
"subject_id": "AMC"
}
],
"next_page_token": ""
}
Now I check the permission using a REST call like this:
{{ory_project}}/relation-tuples/check?namespace=File&object=file1&relation=viewers&subject_id=test1
It returns false. Am I missing something here, or am I misunderstanding some concept?