I've quite a general/naive question. When using ke...
# talk-ketod
delightful-yak-60786
01/23/2024, 2:16 PMI've quite a general/naive question. When using keto does this mean that i dont need to embed the owner (a person, an org, etc) of a resource in my data store because keto will be taking care of that itself?
w
witty-holiday-65473
01/26/2024, 12:09 AMNot sure I’m following. But if I am following, I’m not sure why you would think that…
witty-holiday-65473
01/26/2024, 12:10 AMWhat do you mean by “take care of that for you”?
d
delightful-yak-60786
01/26/2024, 4:14 PM@witty-holiday-65473 after writing it down it occurred that I'd still need to store some reference key (i.e a user id or their group) for queuing the database. Keto is specifically to do with the relationships
delightful-yak-60786
01/26/2024, 4:18 PMBy "take care of that for you" I thought the process would be:
1. You upload a resource to your data store (like a file)
2. If successful then in keto you would append the relationship (i.e the folder it lives in + the owners permissions)
3. When I want to query all the files in a given folder I'd speak with keto to get a list of IDs for the subjects (the files)
4. Query the API by giving it a set of ids
But then step 3 was where I naively understood the point of keto
w
witty-holiday-65473
01/26/2024, 4:35 PMwell - idk if #3 would be the most efficient way to "query all files in a given folder"
witty-holiday-65473
01/26/2024, 4:36 PMi mean. you can do that. but always remember that
can != shouldd
delightful-yak-60786
01/26/2024, 4:41 PMYh seemed to be the same conclusion I came to. But that's a good thing as I have a better understanding of where keto fits in
delightful-yak-60786
01/26/2024, 6:47 PM@witty-holiday-65473 If you don't mind me asking, how would you approach querying the resources and making sure the it returns only items that the user has access to (i.e access to view)
w
witty-holiday-65473
01/26/2024, 6:56 PMwell, to be honest, expand api needs to be fixed enhanced?/fixed before we can use/rely on keto in any reasonable degree for something like what you just mentioned. RE: https://github.com/ory/keto/issues/1060
d
delightful-yak-60786
01/26/2024, 8:00 PMAhhh thank you for that issue link. Just getting started with keto as it's the Authz choice for the team I joined but they haven't looked into the API that much so attempting to do so myself
l
lemon-apartment-14887
02/28/2024, 2:33 PMHello @witty-holiday-65473
Do you have any insights as to how the enhancement of the Expand API is going?
https://github.com/ory/keto/issues/1060
Having user-set rewrites in the Expand is really important. Because right now I don't see any other option to query subject's permissions in a system where roles are defined as relationships and permissions as user-set rewrites (permits {} block)
lemon-apartment-14887
02/28/2024, 2:49 PMOr maybe there is another option to get the list of user permissions?
14 Views