I have an issue with nesting groups and inherited ...
# ory-selfhosting
I have an issue with nested groups and inherited permissions. I have two groups: the first group has one user and is itself a member of the second group, and the second group is an owner of an entity. When I test this, the "owner" and "edit" checks return true (which is correct), but the "view" check erroneously fails. Here is my permissions file (simplified):
// Namespace for groups. Membership can be direct or inherited from another group.
class Group implements Namespace {
  related: {
    // A member is either a User or every member of another Group
    // (SubjectSet<Group, "members">); the second form is what lets groups nest.
    members: (User | SubjectSet<Group, "members">)[];
  };
}

// Namespace for individual subjects; it declares no relations or permissions of its own.
class User implements Namespace {}

// Namespace for protected objects. Permissions cascade owner -> edit -> view and
// are also inherited from any parent Entity.
class Entity implements Namespace {
  related: {
    // Parent entities whose permissions are inherited by this one.
    parents: (Entity)[];
    // Each role accepts a direct User or all members of a Group.
    owners: (User | SubjectSet<Group, "members">)[]
    editors: (User | SubjectSet<Group, "members">)[]
    viewers: (User | SubjectSet<Group, "members">)[]
  };

  permits = {
    // owner: subject is in `owners`, or is an owner of any parent.
    owner: (ctx: Context) => this.related.owners.includes(ctx.subject) || this.related.parents.traverse((parent) => parent.permits.owner(ctx)),
    // edit: subject is in `editors`, or passes `owner`, or can edit any parent.
    edit: (ctx: Context) => this.related.editors.includes(ctx.subject) || this.permits.owner(ctx) || this.related.parents.traverse((parent) => parent.permits.edit(ctx)),
    // view: subject is in `viewers`, or passes `edit`, or can view any parent.
    // NOTE(review): for a subject that is an owner only through nested groups, `view`
    // has to resolve view -> edit -> owner -> owners -> Group#members -> Group#members,
    // which is one step deeper than `edit` and two deeper than `owner`. If the server's
    // resolution depth limit (Keto `limit.max_read_depth`, or `max-depth` on the check
    // request) is shorter than that chain, the check presumably comes back as "not
    // allowed" rather than as an error. Confirm against the deployed configuration
    // before assuming the model is wrong.
    view: (ctx: Context) => this.related.viewers.includes(ctx.subject) || this.permits.edit(ctx) || this.related.parents.traverse((parent) => parent.permits.view(ctx)),
  };
}
// Tuple 1: subject "123" is a direct member of "Group 1".
// (Excerpt: the three calls are comma-separated, so the enclosing expression is not shown.)
write.createRelationship({
            createRelationshipBody: {
              namespace: "Group",
              object: "Group 1",
              relation: "members",
              subject_id: "123",
            },
          }),

          // Tuple 2: every member of "Group 1" is a member of "Group 2" (nested group).
          write.createRelationship({
            createRelationshipBody: {
              namespace: "Group",
              object: "Group 2",
              relation: "members",
              subject_set: {
                namespace: "Group",
                object: "Group 1",
                relation: "members",
              },
            },
          }),

          // Tuple 3: every member of "Group 2" is an owner of Entity "Foo".
          // Together with the tuples above, subject "123" reaches Foo#owners only through
          // two subject-set hops (Group 2#members -> Group 1#members), so any check on
          // "Foo" for that subject needs enough resolution depth to follow both.
          write.createRelationship({
            createRelationshipBody: {
              namespace: "Entity",
              object: "Foo",
              relation: "owners",
              subject_set: {
                namespace: "Group",
                object: "Group 2",
                relation: "members",
              },
            },
          }),