# talk-keto
r
I'm using the OPL (inside convo) to model my permissions, I'm adding `permits` to view and edit resources. If I use these permits with the check service they work as expected. Now I want to list all teams users have view access to. My understanding is that the list service won't work for this (and it doesn't) and so I should use the expand service, but so far I haven't been able to create a query that returns a non-empty set.
```typescript
import { Namespace, Context } from 'https://esm.sh/@ory/keto-namespace-types@0.10.0-alpha.0'

class AccessToken implements Namespace {
}

class Account implements Namespace {
  related: {
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
    // workaround for lack of `this.equals(ctx.subject)`
    editors: Account[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.admin_tokens.includes(ctx.subject),

    view: (ctx: Context): boolean =>
      this.permits.edit(ctx) ||
      this.related.tokens.includes(ctx.subject),
  }
}

class Team implements Namespace {
  related: {
    owners: Account[]
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.admin_tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.edit(ctx)),

    view: (ctx: Context): boolean =>
      this.permits.edit(ctx) ||
      this.related.tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.view(ctx)),
  }
}
```
p
We’re struggling with the same issue. Is there anyone who has an idea on how to achieve this?
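
Added example, not part of the thread and not Keto's code: a simplified in-memory evaluation of the posted `permits` over constructed tuples. It shows that `view` is computed at check time rather than stored, so filtering stored tuples by `view` finds nothing, while running the check against each known Team does. The tuple shape, the object names and the helpers `has`, `viaOwners`, `storedViewTuples` and `viewableTeams` are assumptions for illustration.

```typescript
// Constructed sample tuples; a toy model of the posted OPL, not Keto's engine.
type Tuple = { ns: string; obj: string; rel: string; sub: string };
type Permit = (obj: string, sub: string) => boolean;

const tuples: Tuple[] = [
  { ns: "Account", obj: "acme", rel: "tokens", sub: "AccessToken:t-read" },
  { ns: "Account", obj: "acme", rel: "admin_tokens", sub: "AccessToken:t-admin" },
  { ns: "Team", obj: "blue", rel: "owners", sub: "Account:acme" },
  { ns: "Team", obj: "red", rel: "tokens", sub: "AccessToken:t-red" },
];

// True when `sub` is stored directly under ns:obj#rel (what includes() tests).
const has = (ns: string, obj: string, rel: string, sub: string): boolean =>
  tuples.some(t => t.ns === ns && t.obj === obj && t.rel === rel && t.sub === sub);

// Account permits, mirroring the post.
const accountEdit: Permit = (obj, sub) =>
  has("Account", obj, "editors", sub) || has("Account", obj, "admin_tokens", sub);
const accountView: Permit = (obj, sub) =>
  accountEdit(obj, sub) || has("Account", obj, "tokens", sub);

// traverse(): follow Team#owners to each owning Account and evaluate its permit.
const viaOwners = (team: string, permit: Permit, sub: string): boolean =>
  tuples
    .filter(t => t.ns === "Team" && t.obj === team && t.rel === "owners")
    .some(t => permit(t.sub.replace(/^Account:/, ""), sub));

// Team permits, mirroring the post.
const teamEdit: Permit = (obj, sub) =>
  has("Team", obj, "admin_tokens", sub) || viaOwners(obj, accountEdit, sub);
const teamView: Permit = (obj, sub) =>
  teamEdit(obj, sub) || has("Team", obj, "tokens", sub) || viaOwners(obj, accountView, sub);

// Filtering stored tuples by the permit name finds nothing: "view" is never written.
const storedViewTuples = (sub: string): Tuple[] =>
  tuples.filter(t => t.ns === "Team" && t.rel === "view" && t.sub === sub);

// Reverse lookup by enumeration: run the view check against every known Team.
const viewableTeams = (sub: string): string[] =>
  tuples
    .filter(t => t.ns === "Team")
    .map(t => t.obj)
    .filter((o, i, all) => all.indexOf(o) === i) // de-duplicate object ids
    .filter(team => teamView(team, sub))
    .sort();
```

Enumeration costs one check per Team, so it only suits small object sets or results that are cached.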