Closed henkosch closed 2 years ago
There is a (previously unknown) bug in the handler which is translating the result from the graph resolver: https://github.com/authzed/spicedb/blob/main/internal/services/v1/permissions.go#L108
This should be INTERSECTION
. As tomorrow is a holiday, we will get a fix prepped for Friday.
For 2, there is a LookupSubjects
proposal, #261, which you might want to review and leave some feedback on.
I have this simple example project with an intersection for permission read:
Playground url for the example: https://play.authzed.com/s/8T6joqUt7r9_1/schema
On the "Expected Relations" tab the playground shows it correctly that document d2 can be read by user u1, but d1 cannot.
However when I load the same relations locally into spicedb and try to find all the users who can read a document with the expand api using the zed CLI tool, it shows union instead of intersection and also I have no way to tell which users can actually read the document because they are not filtered.
So my questions are:
Thank you!