canonical / ofga

A wrapper library over the default OpenFGA client, packed with convenience methods for interacting with OpenFGA instances.
GNU Lesser General Public License v3.0

Add public access capability #26

Closed kian99 closed 7 months ago

kian99 commented 7 months ago

Description

The library is missing functionality for public access, i.e. the ability to add a tuple of the form `user:* <relation> <object>`. If the authorization model is designed to accept the wildcard, then a tuple with will allow access for all users and ensure that any check of the form "can user alice access resource foo" will work without explicitly defining Alice's access.

I've added tests to confirm this works and also updated the regex expression to allow the wildcard character (I also cleaned up the regex where I think it should've been A-Za-z instead of A-za-z).

One important note is that with the current regex match, the string `user:*abc#test` matches everything up to the and the rest is discarded. Because the wildcard should only ever be alone, I tried to update the regex to enforce this and came up with the below, which uses a negative lookahead match, but unfortunately Go's stdlib regex parser doesn't support negative lookahead. `([A-Za-z0-9][A-Za-z0-9-]):([A-Za-z0-9][A-Za-z0-9@.+-]|[](?![^#]))(#([A-Za-z0-9][A-Za-z0-9-]*))?`

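One way to require a lone wildcard without lookahead, as an added example that is not code from this PR or from the ofga library: anchor the whole pattern with `^...$` and make `*` an alternative to the ID, so `user:*abc#test` is rejected instead of partially matched. The character classes come from the regex quoted in the description; the quantifiers, the anchors, and the names `entityRe`, `Entity` and `ParseEntity` are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// entityRe is a constructed pattern, not the library's own. The character
// classes come from the regex quoted in the PR description; the quantifiers
// and the ^...$ anchors are assumptions of this example.
var entityRe = regexp.MustCompile(
	`^([A-Za-z0-9][A-Za-z0-9-]*):` + // kind
		`([A-Za-z0-9][A-Za-z0-9@.+-]*|\*)` + // id, or a lone wildcard
		`(?:#([A-Za-z0-9][A-Za-z0-9-]*))?$`) // optional #relation

// Entity is a hypothetical holder for the parsed parts.
type Entity struct {
	Kind, ID, Relation string
	Public             bool // true when ID is the wildcard
}

// ParseEntity accepts "kind:id", "kind:id#relation" and "kind:*", and rejects
// any input where the wildcard is mixed with other ID characters.
func ParseEntity(s string) (Entity, error) {
	m := entityRe.FindStringSubmatch(s)
	if m == nil {
		return Entity{}, fmt.Errorf("invalid entity %q", s)
	}
	return Entity{Kind: m[1], ID: m[2], Relation: m[3], Public: m[2] == "*"}, nil
}

func main() {
	// Constructed inputs; the third is the problem case from the description.
	inputs := []string{"user:alice", "user:*", "user:*abc#test", "user:*#test", "user:a*"}
	for _, s := range inputs {
		e, err := ParseEntity(s)
		fmt.Printf("%-18q -> %+v err=%v\n", s, e, err)
	}
}
```

Because the anchors force the regex to consume the entire input, a trailing fragment after `*` fails validation rather than being silently dropped, which matters when the parsed value ends up in a tuple that grants access to every user.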