Hi now I have another problem with keto hopefully you can po Ory Community #talk-keto

Hi, now I have another problem with keto - hopeful...

broad-printer-45521

11/24/2022, 7:47 AM

Hi, now I have another problem with keto - hopefully you can point out what I am doing wrong Here is my OPL:

Copy code

//import { Namespace, SubjectSet, Context } from "@ory/keto-namespace-types"

class User implements Namespace {
  related: {}
}

class Group implements Namespace {
  related: {
    members: User[]
  }
}

class Permission implements Namespace {
  related: {
    permissions: Group[]
    users: SubjectSet<Group, 'members'>[]
  }

  permits = {
    allowed: (ctx: Context): boolean => this.related.users.includes( ctx.subject)
  }
}

These RelationTuples exist:

Copy code

Group:TestGroupAAA#members@(User:Foo)
Group:TestGroupBBB#members@(User:Bar)

Permission:TestPermissionAAA#permissions@(Group:TestGroupAAA)
Permission:TestPermissionBBB#permissions@(Group:TestGroupBBB)

These checks should be allowed but are denied:

Copy code

Permission:TestPermissionAAA#allowed@(User:Foo)
Permission:TestPermissionBBB#allowed@(User:Bar)

I already tried changing the direction of the existing RelationTuples and the Check with no result.

broad-printer-45521

11/24/2022, 9:54 AM

Problem solved by adding:

Copy code

Permission:TestPermissionAAA#allowedUsers@(Group:TestGroupAAA#members)
Permission:TestPermissionBBB#allowedUsers@(Group:TestGroupBBB#members)

instead of

Copy code

Permission:TestPermissionAAA#permissions@(Group:TestGroupAAA)
Permission:TestPermissionBBB#permissions@(Group:TestGroupBBB)

3 Views

Open in Slack

Previous Next