future-laptop-57870
03/26/2024, 2:22 PM
```typescript
import { Namespace, Context } from "@ory/permission-namespace-types"

class user implements Namespace { }

class team implements Namespace {
  related: {
    members: user[]
  }
}

class document implements Namespace {
  related: {
    owner: team[]
    author: user[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.author.includes(ctx.subject) ||
      this.related.owner.traverse((ws) => ws.related.members.includes(ctx.subject))
  }
}
```
When I run ory list relationships, I have these:
```
NAMESPACE   OBJECT   RELATION NAME   SUBJECT
team        1        members         alice
team        2        members         bob
document    2        author          alice
document    2        owner           1
```
When I run checks, the following are Allowed, which is what I expect:
• ory is allowed alice members team 1
• ory is allowed bob members team 1
• ory is allowed 1 owner document 2
• ory is allowed alice author document 2
• ory is allowed alice view document 2
But this one is denied:
ory is allowed bob view document 2
Since bob is a member of team 1, and team 1 is the owner of document 2, how do I permit bob to view document 2?
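
Added example (not part of the original post and not Ory's code): a simplified TypeScript model of the `view` rule above, assuming that traversal only follows an `owner` subject stored as a subject set (a reference to the team object) and not one stored as a plain subject ID such as `1`. The tuple types, `includes`, `canView` and the sample tuples are constructed for illustration.

```typescript
// Simplified model of relationship checks; not Ory Keto's implementation.
// A subject is either a plain ID or a subject set (a reference to another object).
type SubjectSet = { namespace: string; object: string; relation: string };
type Subject = string | SubjectSet;
type Tuple = { namespace: string; object: string; relation: string; subject: Subject };

// Direct check: is `subject` listed as a plain ID on namespace:object#relation?
function includes(tuples: Tuple[], ns: string, obj: string, rel: string, subject: string): boolean {
  return tuples.some(t => t.namespace === ns && t.object === obj &&
    t.relation === rel && t.subject === subject);
}

// Mirrors the `view` permit: author.includes(subject) ||
// owner.traverse(team => team.related.members.includes(subject)).
function canView(tuples: Tuple[], doc: string, subject: string): boolean {
  if (includes(tuples, "document", doc, "author", subject)) return true;
  return tuples
    .filter(t => t.namespace === "document" && t.object === doc && t.relation === "owner")
    .some(t => {
      const s = t.subject;
      // Assumption: a plain ID names no object, so there is nothing to traverse into.
      if (typeof s === "string") return false;
      return includes(tuples, s.namespace, s.object, "members", subject);
    });
}

// Constructed sample data (not the poster's exact tuples).
const base: Tuple[] = [
  { namespace: "team", object: "1", relation: "members", subject: "bob" },
  { namespace: "document", object: "2", relation: "author", subject: "alice" },
];
// Owner stored as the plain subject ID "1".
const ownerAsId: Tuple[] = [...base,
  { namespace: "document", object: "2", relation: "owner", subject: "1" }];
// Owner stored as a subject set pointing at team 1.
const ownerAsSet: Tuple[] = [...base,
  { namespace: "document", object: "2", relation: "owner",
    subject: { namespace: "team", object: "1", relation: "" } }];

console.log("owner as ID, bob can view:", canView(ownerAsId, "2", "bob"));
console.log("owner as subject set, bob can view:", canView(ownerAsSet, "2", "bob"));
```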