https://www.ory.sh/
Join Slack
I'm using the OPL (inside convo) to model my permissions, I'm adding `permits` to view and edit reso...
# talk-keto
r
I'm using the OPL (inside convo) to model my permissions, I'm adding 
permits
to view and edit resources. If I use these permits with the check service they work as expected. Now I want to list all teams users have view access to. My understanding is that the list service won't work for this (and it doesn't) and so I should use the expand service, but so far I haven't been able to create a query that returns a non-empty set.
Copy code
import { Namespace, Context } from '<https://esm.sh/@ory/keto-namespace-types@0.10.0-alpha.0>'

class AccessToken implements Namespace {
}

class Account implements Namespace {
  related: {
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
    // workaround for lack of `this.equals(ctx.subject)
    editors: Account[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.admin_tokens.includes(ctx.subject),

    view: (ctx: Context): boolean =>
        this.permits.edit(ctx) ||
        this.related.tokens.includes(ctx.subject),
  }
}

class Team implements Namespace {
  related: {
    owners: Account[]
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.admin_tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.edit(ctx)),

    view: (ctx: Context): boolean =>
      this.permits.edit(ctx) ||
      this.related.tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.view(ctx)),
  }
}
p
We’re struggling with the same issue. Is there anyone who has an idea on how to achieve this?
8 Views
Open in Slack
PreviousNext
Powered by

Ory Community

Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Powered by