search

swantzter / authzed-ts

A type-safe wrapper for @authzed/authzed-node using code generation
https://swantzter.github.io/authzed-ts/
MIT License
1 stars 0 forks source link

[generation] resolve subject relations #3

Open swantzter opened 1 year ago

swantzter commented 1 year ago

Currently if a relation is defined with the # in them, the actual subject types aren't resolved but instead the left hand side of the # gets added as a valid subject

What needs to happen in the code below is that if objRef.target != null, it should be resolved by looking at the object type named on the left hand side (objRef.name), finding a permission or relation on said object named the right hand side (objRef.target), if it's a permission it has to be expanded with the arrow expression logic from #2 until it boils down to one or more object types that can be added as subject types

https://github.com/swantzter/authzed-ts/blob/10b9a36b592c7002f909c17b14e24a1931d8621a/generator/lib/generator.ts#L99-L110

It is likely this needs to happen in a second pass to be able to validate that everything exists - or we just skip validations for these and hope for the best

swantzter commented 1 year ago

Oh and of course, it's worth nothing that this probably needs some sort of extension of the generated type, since the checking and writing will take different things.

A check for group#members (resolving to user) for example would take [user, 1] as subject, whereas a write would take [group, 1, members] as the subject