Open swantzter opened 1 year ago
Oh and of course, it's worth nothing that this probably needs some sort of extension of the generated type, since the checking and writing will take different things.
A check for group#members (resolving to user) for example would take [user, 1] as subject, whereas a write would take [group, 1, members] as the subject
Currently if a relation is defined with the
#
in them, the actual subject types aren't resolved but instead the left hand side of the#
gets added as a valid subjectWhat needs to happen in the code below is that if
objRef.target != null
, it should be resolved by looking at the object type named on the left hand side (objRef.name
), finding a permission or relation on said object named the right hand side (objRef.target
), if it's a permission it has to be expanded with the arrow expression logic from #2 until it boils down to one or more object types that can be added as subject typeshttps://github.com/swantzter/authzed-ts/blob/10b9a36b592c7002f909c17b14e24a1931d8621a/generator/lib/generator.ts#L99-L110
It is likely this needs to happen in a second pass to be able to validate that everything exists - or we just skip validations for these and hope for the best