https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> how can I check all Galleries that ...
# ory-copilot
b
@chilly-king-10285 how can I check all Galleries that are available to specific User?
Copy code
class User implements Namespace {
}

class Group implements Namespace {
    related: {
        managers: (Group | User)[],
        members: (Group | User)[]
    }

    permits = {
        isMember: (ctx: Context) => this.related.managers.includes(ctx.subject)
            || this.related.members.includes(ctx.subject)
    }
}

class Gallery implements Namespace {

    related: {
        enroll: (User | SubjectSet<Group, "members">)[],
        identify: (User | SubjectSet<Group, "members">)[],
        delete: (User | SubjectSet<Group, "members">)[]
    }

    permits = {
        enroll: (ctx: Context) => this.related.enroll.includes(ctx.subject),
        identify: (ctx: Context) => this.related.identify.includes(ctx.subject),
        delete: (ctx: Context) => this.related.delete.includes(ctx.subject)
    }
}
c
A message from kapa.ai
To check all galleries that are available to a specific user, you can use Ory Keto's List API. This API allows you to display a list of all objects (in this case, galleries) a user has access to. In your case, you would need to query relationships based on the user's access rights to the galleries. The access rights are defined in the 
permits
section of your 
Gallery
class. Here is an example of how you can use the List API:
Copy code
javascript // Assuming you have a user object let user = ...;  // Use the List API to get all galleries the user can enroll let galleriesUserCanEnroll = keto.list('Gallery', 'enroll', user.id);  // Use the List API to get all galleries the user can identify let galleriesUserCanIdentify = keto.list('Gallery', 'identify', user.id);  // Use the List API to get all galleries the user can delete let galleriesUserCanDelete = keto.list('Gallery', 'delete', user.id);
In this example, 
keto.list
is a hypothetical function that represents a call to the List API. The first argument is the namespace (in this case, 'Gallery'), the second argument is the relation (e.g., 'enroll', 'identify', 'delete'), and the third argument is the subject (in this case, the user's id). Please note that this is a simplified example and the actual implementation may vary based on your application's requirements and the specific API client you are using. For more details on how to use the List API, please refer to the [Ory Keto documentation](https://www.ory.sh/docs/keto/guides/list-api-display-objects).
b
Will it show me indirect user references through the group? @chilly-king-10285
c
A message from kapa.ai
Yes, Ory Keto's List API can show indirect user references through groups. However, it's important to note that the List API does not expand subject sets by default. This means that if a user has access to a gallery through a group, the List API will return the group, not the individual user. If you want to get a list of all individual users who have access to a gallery, including those who have access through a group, you would need to use the Expand API. The Expand API resolves subject sets and can be used to display all subjects (users or groups) that have a specific relation to an object (in this case, a gallery). Here's an example of how you might use the Expand API:
Copy code
javascript // Assuming you have a gallery object let gallery = ...;  // Use the Expand API to get all subjects that can enroll in the gallery let subjectsCanEnroll = keto.expand('Gallery', 'enroll', gallery.id);  // Use the Expand API to get all subjects that can identify the gallery let subjectsCanIdentify = keto.expand('Gallery', 'identify', gallery.id);  // Use the Expand API to get all subjects that can delete the gallery let subjectsCanDelete = keto.expand('Gallery', 'delete', gallery.id);
In this example, 
keto.expand
is a hypothetical function that represents a call to the Expand API. The first argument is the namespace (in this case, 'Gallery'), the second argument is the relation (e.g., 'enroll', 'identify', 'delete'), and the third argument is the object (in this case, the gallery's id). Please note that this is a simplified example and the actual implementation may vary based on your application's requirements and the specific API client you are using. For more details on how to use the Expand API, please refer to the [Ory Keto documentation](https://www.ory.sh/docs/keto/guides/expand-api-display-who-has-access).
b
@chilly-king-10285 I want to check what galleries User has access through direct and indirect references
c
A message from kapa.ai
New message text here
Open in Slack
PreviousNext
Powered by