refined-airport-1308
02/06/2023, 10:01 AM
permits to view and edit resources. If I use these permits with the check service they work as expected. Now I want to list all teams users have view access to. My understanding is that the list service won't work for this (and it doesn't) and so I should use the expand service, but so far I haven't been able to create a query that returns a non-empty set.
refined-airport-1308
02/06/2023, 10:02 AM
import { Namespace, Context } from 'https://esm.sh/@ory/keto-namespace-types@0.10.0-alpha.0'

class AccessToken implements Namespace {
}

class Account implements Namespace {
  related: {
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
    // workaround for lack of `this.equals(ctx.subject)`
    editors: Account[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.editors.includes(ctx.subject) ||
      this.related.admin_tokens.includes(ctx.subject),
    view: (ctx: Context): boolean =>
      this.permits.edit(ctx) ||
      this.related.tokens.includes(ctx.subject),
  }
}

class Team implements Namespace {
  related: {
    owners: Account[]
    tokens: AccessToken[]
    admin_tokens: AccessToken[]
  }

  permits = {
    edit: (ctx: Context): boolean =>
      this.related.admin_tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.edit(ctx)),
    view: (ctx: Context): boolean =>
      this.permits.edit(ctx) ||
      this.related.tokens.includes(ctx.subject) ||
      this.related.owners.traverse(m => m.permits.view(ctx)),
  }
}
polite-wire-24572
03/29/2023, 10:30 AM