cmmoran
commented
5 months ago I think you may be taking a narrow view of what object is. In your scenario, an object represents an entity within some arbitrary hierarchy. This isn't always the case. Some objects are just objects; no hierarchy at all.
I would submit that it's not keto's job to figure this out. This can be solved via constructs currently available within keto.
For example, if you add a parent relation to your videos namespace, you could add a permits that would allow view on an arbitrary object if that object has a parent that allows view on the given subject.
/* ... omitted for brevity ... */
// Note, I'm using "Videos" but the correct namespace name _should be_ "Video" (singular)
class Videos implements Namespace {
related: {
owner: Videos[]
}
permits = {
can_view: (ctx: Context): boolean =>
this.related.owner.traverse((o) => o.permits(ctx))
}
}NOTE: I did not test the above logic. The parser in my brain says it's AOK. I wasn't aiming for code completion. I wished to give an example of one theoretical way this isn't really an issue and can be implemented in one of a few different ways.
Preflight checklist
Ory Network Project
No response
Describe the bug
The object doesn`t support expression of '*'
Reproducing the bug
I added this to the API when I following the cats example to allow anyone to view the items under the folder of /cats
{ "namespace": "videos", "object": "/cats/*", "relation": "view", "subject_id": "*" }but it doesn`t work as expected
Relevant log output
Relevant configuration
No response
Version
keto_0.11.1-alpha.0-windows_64bit
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response