https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H>: I have the following Keto permissi...
# ory-copilot
h
@chilly-king-10285: I have the following Keto permissions model:
Copy code
class User implements Namespace {}

class Team implements Namespace {
  related: {
    owners: User[];
  };

  permits = {
    manageBilling: (ctx: Context): boolean => this.related.owners.includes(ctx.subject),
    ...
  };
}
I’d like a way to flag a team as ‘disabled’, and if set - all permits would be denied for permissions against that team. I tried this:
Copy code
class User implements Namespace {}

class Team implements Namespace {
  related: {
    owners: User[];
    disabledFlag: User[];
  };

  permits = {
    manageBilling: (ctx: Context): boolean => !this.permits.teamDisabled(ctx) && this.related.owners.includes(ctx.subject),
    teamDisabled: (ctx: Context): boolean => this.related.disabledFlag.includes('disabled-flag'),
    ...
  };
}
Which assumes we set a constant of 
disabled-flag
as the user subject to flag the team is disabled. However, this fails with a sytanx error:
Copy code
expected "ctx", got "disabled-flag"
Have you got any suggestions as to how to implement this requirement?
b
A message from kapa.ai
Based on the information provided in the knowledge sources, it seems that the 
ctx
object is a fixed parameter that contains the 
subject
for which the permission check should be conducted. The 
ctx
object is typically structured as follows: 
ctx = { subject: "some_user_id" }
. In your case, you are trying to use a constant string 'disabled-flag' as the subject, which is likely causing the syntax error. The 
ctx.subject
is expected to be a user identifier, not a constant string. One possible solution could be to add a 
disabled
property to the 
Team
class and check this property in your 
permits
functions. However, this approach would require changes to your data model and may not be directly supported by the Ory Keto permissions model. Unfortunately, the knowledge sources do not provide a direct solution to your problem. I would recommend checking the [Ory Keto documentation](https://www.ory.sh/docs/keto/) for more information on how to model complex permission requirements.
Open in Slack
PreviousNext
Powered by