https://www.ory.sh/
Join Slack
Hi, now I have another problem with keto - hopefully you can point out what I am doing wrong Here i...
# talk-keto
b
Hi, now I have another problem with keto - hopefully you can point out what I am doing wrong Here is my OPL:
Copy code
//import { Namespace, SubjectSet, Context } from "@ory/keto-namespace-types"

class User implements Namespace {
  related: {}
}

class Group implements Namespace {
  related: {
    members: User[]
  }
}

class Permission implements Namespace {
  related: {
    permissions: Group[]
    users: SubjectSet<Group, 'members'>[]
  }

  permits = {
    allowed: (ctx: Context): boolean => this.related.users.includes( ctx.subject)
  }
}
These RelationTuples exist:
Copy code
Group:TestGroupAAA#members@(User:Foo)
Group:TestGroupBBB#members@(User:Bar)

Permission:TestPermissionAAA#permissions@(Group:TestGroupAAA)
Permission:TestPermissionBBB#permissions@(Group:TestGroupBBB)
These checks should be allowed but are denied:
Copy code
Permission:TestPermissionAAA#allowed@(User:Foo)
Permission:TestPermissionBBB#allowed@(User:Bar)
I already tried changing the direction of the existing RelationTuples and the Check with no result.
Problem solved by adding:
Copy code
Permission:TestPermissionAAA#allowedUsers@(Group:TestGroupAAA#members)
Permission:TestPermissionBBB#allowedUsers@(Group:TestGroupBBB#members)
instead of
Copy code
Permission:TestPermissionAAA#permissions@(Group:TestGroupAAA)
Permission:TestPermissionBBB#permissions@(Group:TestGroupBBB)
2 Views
Open in Slack
PreviousNext
Powered by

Ory Community

Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Powered by