Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrTargetError = errors.New("graph: target incorrectly specified") ErrNotImplemented = errors.New("graph: intersection and exclusion are not yet implemented") )
Functions ¶
func ContextWithResolutionDepth ¶ added in v0.2.5
ContextWithResolutionDepth attaches the provided graph resolution depth to the parent context.
Types ¶
type ConnectedObjectGraph ¶
type ConnectedObjectGraph struct {
// contains filtered or unexported fields
}
ConnectedObjectGraph represents a graph of relationships and the connectivity between object and relation references within the graph through direct or indirect relationships. The ConnectedObjectGraph should be used to introspect what kind of relationships between object types can exist.
func BuildConnectedObjectGraph ¶
func BuildConnectedObjectGraph(typesystem *typesystem.TypeSystem) *ConnectedObjectGraph
BuildConnectedObjectGraph builds an object graph representing the graph of relationships between connected object types either through direct or indirect relationships.
func (*ConnectedObjectGraph) RelationshipIngresses ¶
func (g *ConnectedObjectGraph) RelationshipIngresses(target *openfgapb.RelationReference, source *openfgapb.RelationReference) ([]*RelationshipIngress, error)
RelationshipIngresses computes the incoming edges (ingresses) that are possible between the source object and relation and the target user (user or userset).
To look up Ingresses(`document#viewer`, `source`), where `source` is an object type with no relation, find the rewrites and types of viewer in the document type: 1. If `source` is a relational type then add `source, direct` to the result. 2. If `objectType#relation` is a type and `objectType#relation` can be a `source` then add `objectType#relation, direct` to the result. 3. If computed userset, say `define viewer as writer`, then recurse on `document#writer, source`. 4. If tuple-to-userset, say, viewer from parent. Go to parent and find its types. In this case, `folder`. Go to `folder` and see if it has a `viewer` relation. If so, recurse on `folder#viewer, source`.
To look up Ingresses(`document#viewer`, `folder#viewer`), find the rewrites and relations of viewer in the document type: 1. If `folder#viewer` is a relational type then add `folder#viewer, direct` to the result. 2. If computed userset, say `define viewer as writer`, then recurse on `document#writer, folder#viewer`. 3. If tuple-to-userset, say, viewer from parent. Go to parent and find its related types.
- If parent's types includes `folder` type, and `folder` contains `viewer` relation then this is exactly a ttu rewrite.
- Otherwise, suppose the types contains `objectType` which has a relation `viewer`, then recurse on `objectType#viewer, folder#viewer`
type RelationshipIngress ¶
type RelationshipIngress struct {
// The type of the relationship ingress
Type RelationshipIngressType
// The relationship reference that defines the ingress to some target relation
Ingress *openfgapb.RelationReference
// TuplesetRelation defines the tupleset relation reference that relates a source
// object reference with a target if the type of the relationship ingress is that
// of a TupleToUserset
TuplesetRelation *openfgapb.RelationReference
}
RelationshipIngress represents a possible ingress point between some source object reference and a target user reference.
type RelationshipIngressType ¶
type RelationshipIngressType int
RelationshipIngressType is used to define an enum of the type of ingresses between source object references and target user references that exist in the graph of relationships.
const ( // DirectIngress defines a direct ingress connection between a source object reference // and some target user reference. DirectIngress RelationshipIngressType = iota TupleToUsersetIngress )
Source Files