https://www.ory.sh/
Join Slack
Got another one. How have you all been approaching list endpoints where Keto needs to filter down th...
# talk-keto
p
Got another one. How have you all been approaching list endpoints where Keto needs to filter down the results to a subset. Take the following policy for example:
Copy code
class Account implements Namespace {
  related: {
    accountAdmins: User[]
  }

  permits = {
    read: (ctx: Context) => 
      this.related.accountAdmins.includes(ctx.subject)
  }
}
If I wanted to list the accounts a user has access to what would be nice would be something like: GET relation-tuples?namespace=Account&relation=read&subjectid=x But that won't work because the relation here is accountAdmins. I could list by accountAdmins, but that would be pushing the authz logic into clients. I could also do a check for every account, but that is slow. Is there a better way to do this?
Open in Slack
PreviousNext
Powered by

Ory Community

Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Powered by