We are currently experimenting to see whether Keto...
# ory-network
We are currently experimenting to see whether Keto could be a good fit for our permission system. However, I'm stuck 😭: I have the following permission model:
```typescript
class Company implements Namespace {
  related: {
    admins: User[]
  }

  permits = {
    owner: (ctx: Context): boolean =>
      this.related.admins.includes(ctx.subject)
  }
}

class LearningPlan implements Namespace {
  related: {
    owners: User[]
    companies: Company[]
  }

  permits = {
    owner: (ctx: Context): boolean =>
      this.related.companies.traverse((parent) => parent.permits.owner(ctx)) ||
      this.related.owners.includes(ctx.subject)
  }
}
```
With these relations:
• Subject `companies/simpleclub` is `companies` of Object `LearningPlan:learning_plans/xyz`
• Subject `users/abc` is `admins` of Object `Company:companies/simpleclub`
Why does this request `https://{project-slug}.projects.oryapis.com/relation-tuples/checknamespace=LearningPlan&object=learning_plans/xyz&relation=owner&subject_id=users/abc&max-depth=20` return `{"allowed": false}`? I thought because of the `.companies.traverse()` the user would also get permissions when they are an `admin` in the company?
Created a documentation bug as the example in the documentation doesn’t make it clear how the permission model should be used: https://github.com/ory/docs/issues/1744
@magnificent-energy-493 can you clarify and potentially update the documentation on how the permission model should be used? I don't understand how traverse really works and haven't found a good example of using it. The only 10 references of the function are on this page and they don't mention how the relationships need to be set up for traverse to work.
Hello Dennis, thanks for the feedback. Will let the team know so we can clarify this.