I am trying to implement something like this:
- At the bottom of a tree, we have an "Operation".
- One Operation can be multiple nested "Operations"
- Then comes the "Task"
- One Task can have many nested "Tasks" as well as one or many "Operations"
- Then comes "Roles"
- One Role can have many nested "Roles", "Tasks" and "Operations"
I want to make sure the following:
group:group_1 isAllowed operation:role_1_1_task_1_task_1_op_1
group:group_4 isAllowed operation:role_1_1_task_1_task_1_op_1
Here is my DSL:
model
  schema 1.1

type group

type operation
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_operation or isAllowed from parent_task or isAllowed from parent_role
    define parent_operation: [operation]
    define parent_role: [role]
    define parent_task: [task]

type task
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_task or isAllowed from parent_role
    define parent_role: [role]
    define parent_task: [task]

type role
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or isAllowed from parent_role
    define parent_role: [role]
Here are my tuples:
USER group:group_1
RELATION allowed_group
OBJECT role:role_1
USER role:role_1
RELATION parent_role
OBJECT operation:role_1_op_1
USER role:role_1
RELATION parent_role
OBJECT role:role_1_1
USER role:role_1_1
RELATION parent_role
OBJECT operation:role_1_1_op_1
USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_1
USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_2
USER task:role_1_1_task_2
RELATION parent_task
OBJECT operation:role_1_1_task_2_op_1
USER task:role_1_1_task_1
RELATION parent_task
OBJECT task:role_1_1_task_1_task_1
USER task:role_1_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_op_1
USER group:group_2
RELATION allowed_group
OBJECT operation:role_1_op_1
USER group:group_7
RELATION allowed_group
OBJECT operation:role_1_1_op_1
USER group:group_8
RELATION allowed_group
OBJECT operation:role_1_1_task_2_op_1
USER group:group_3
RELATION allowed_group
OBJECT task:role_1_task_1
USER role:role_1
RELATION parent_role
OBJECT task:role_1_task_1
USER group:group_4
RELATION allowed_group
OBJECT role:role_1_1
USER group:group_5
RELATION allowed_group
OBJECT task:role_1_1_task_1
USER group:group_9
RELATION allowed_group
OBJECT operation:role_1_1_task_1_task_1_op_1
USER group:group_6
RELATION allowed_group
OBJECT task:role_1_1_task_2
USER task:role_1_1_task_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_task_1_op_1
Here are my assertions so far:
USER group:group_4
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True
USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED True
USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_op_1
ALLOWED True
USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True
USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True
USER group:group_2
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED False
USER group:group_5
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True
USER group:group_6
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True
USER group:group_7
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True
It seems anything nested is not working. In my path, I have two nested tasks. That seems to be an issue.
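
An added example, not part of the original post and not OpenFGA code: a minimal Python evaluator for the union-only model above, run over the subset of the question's tuples that lie on the path to the doubly nested operation. The `RECURSIVE` variant, which inherits `isAllowed` instead of `allowed_group` from a same-type parent, is an assumption used for comparison; `check`, `ORIGINAL`, `RECURSIVE` and `NESTED_OP` are names made up here.

```python
# Added example: a tiny evaluator for the question's model. It is not OpenFGA.
# Tuples (user, relation, object) are the subset of the question's tuples on the
# path to operation:role_1_1_task_1_task_1_op_1, plus group_2's grant.
TUPLES = {
    ("group:group_1", "allowed_group", "role:role_1"),
    ("group:group_4", "allowed_group", "role:role_1_1"),
    ("group:group_5", "allowed_group", "task:role_1_1_task_1"),
    ("group:group_2", "allowed_group", "operation:role_1_op_1"),
    ("role:role_1", "parent_role", "operation:role_1_op_1"),
    ("role:role_1", "parent_role", "role:role_1_1"),
    ("role:role_1_1", "parent_role", "task:role_1_1_task_1"),
    ("task:role_1_1_task_1", "parent_task", "task:role_1_1_task_1_task_1"),
    ("task:role_1_1_task_1_task_1", "parent_task",
     "operation:role_1_1_task_1_task_1_op_1"),
}

# "X from Y" terms of isAllowed per type, written as (X, Y). The direct
# allowed_group term is handled inside check().
ORIGINAL = {
    "operation": [("allowed_group", "parent_operation"),
                  ("isAllowed", "parent_task"), ("isAllowed", "parent_role")],
    "task": [("allowed_group", "parent_task"), ("isAllowed", "parent_role")],
    "role": [("isAllowed", "parent_role")],
}
# Assumed variant: inherit isAllowed (not allowed_group) from the same-type parent.
RECURSIVE = dict(ORIGINAL)
RECURSIVE["operation"] = [("isAllowed", "parent_operation"),
                          ("isAllowed", "parent_task"), ("isAllowed", "parent_role")]
RECURSIVE["task"] = [("isAllowed", "parent_task"), ("isAllowed", "parent_role")]


def check(model, user, relation, obj, seen=None):
    """Evaluate a union-only relation by walking parent tuples upward."""
    seen = set() if seen is None else seen
    if (relation, obj) in seen:          # cycle guard for parent loops
        return False
    seen.add((relation, obj))
    if (user, "allowed_group", obj) in TUPLES:
        return True
    if relation == "allowed_group":      # direct-only relation: no inheritance
        return False
    terms = model[obj.split(":", 1)[0]]
    return any(check(model, user, rel, parent, seen)
               for rel, tupleset in terms
               for (parent, r, o) in TUPLES if r == tupleset and o == obj)


NESTED_OP = "operation:role_1_1_task_1_task_1_op_1"
if __name__ == "__main__":
    for group in ("group:group_1", "group:group_4", "group:group_5", "group:group_2"):
        print(group, check(ORIGINAL, group, "isAllowed", NESTED_OP),
              check(RECURSIVE, group, "isAllowed", NESTED_OP))
```

Under `ORIGINAL`, only a group granted on the immediate parent task reaches the nested operation, because `allowed_group from parent_task` looks one level up and stops. The `group_2` check confirms the recursive variant does not grant access outside the ancestor chain.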