graph

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 15, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrResolutionDepthExceeded = errors.New("resolution depth exceeded")
	ErrTargetError             = errors.New("graph: target incorrectly specified")
	ErrNotImplemented          = errors.New("graph: intersection and exclusion are not yet implemented")
)

Functions

func ContextWithResolutionDepth added in v0.2.5 

func ContextWithResolutionDepth(parent context.Context, depth uint32) context.Context

ContextWithResolutionDepth attaches the provided graph resolution depth to the parent context.

func ResolutionDepthFromContext added in v0.2.5 

func ResolutionDepthFromContext(ctx context.Context) (uint32, bool)

ResolutionDepthFromContext returns the current graph resolution depth from the provided context (if any).

Types

type CheckFuncReducer added in v0.3.5 

type CheckFuncReducer func(ctx context.Context, concurrencyLimit uint32, handlers ...CheckHandlerFunc) (*openfgapb.CheckResponse, error)

CheckFuncReducer defines a function that combines or reduces one or more CheckHandlerFunc into a single CheckResponse with a maximum limit on the number of concurrent evaluations that can be in flight at any given time.

type CheckHandlerFunc added in v0.3.5 

type CheckHandlerFunc func(ctx context.Context) (*openfgapb.CheckResponse, error)

CheckHandlerFunc defines a function that evaluates a CheckResponse or returns an error otherwise.

type CheckResolver added in v0.3.5 

type CheckResolver interface {
	ResolveCheck(ctx context.Context, req *ResolveCheckRequest) (*ResolveCheckResponse, error)
}

CheckResolver represents an interface that can be implemented to provide recursive resolution of a Check.

type ConnectedObjectGraph 

type ConnectedObjectGraph struct {
	// contains filtered or unexported fields
}

ConnectedObjectGraph represents a graph of relationships and the connectivity between object and relation references within the graph through direct or indirect relationships. The ConnectedObjectGraph should be used to introspect what kind of relationships between object types can exist.

func BuildConnectedObjectGraph 

func BuildConnectedObjectGraph(typesystem *typesystem.TypeSystem) *ConnectedObjectGraph

BuildConnectedObjectGraph builds an object graph representing the graph of relationships between connected object types either through direct or indirect relationships.

func (*ConnectedObjectGraph) RelationshipIngresses 

func (g *ConnectedObjectGraph) RelationshipIngresses(target *openfgapb.RelationReference, source *openfgapb.RelationReference) ([]*RelationshipIngress, error)

RelationshipIngresses computes the incoming edges (ingresses) that are possible between the target relation reference and the source relational reference.

To look up Ingresses(`document#viewer`, `source`), where `source` is a type with no relation, look up the definition of relation `document#viewer` and: 1. If `source` is a directly related type then add `source, direct` to the result. 2. If `objectType#relation` is a type and `objectType#relation` can be a `source` then add `objectType#relation, direct` to the result. 3. If computed userset, say `define viewer as writer`, then recurse on `document#writer, source`. 4. If tuple-to-userset, say, `define viewer as viewer from parent`. Go to parent and find its types. In this case, `folder`. Go to `folder` and see if it has a `viewer` relation. If so, recurse on `folder#viewer, source`.

To look up Ingresses(`document#viewer`, `folder#viewer`), look up the definition of relation `document#viewer` and: 1. If `folder#viewer` is a directly related type then add `folder#viewer, direct` to the result. 2. If computed userset, say `define viewer as writer`, then recurse on `document#writer, folder#viewer`. 3. If tuple-to-userset, say, `define viewer as viewer from parent`. Go to parent and find its related types.

  1. If parent's types includes `folder` type, and `folder` contains `viewer` relation then this is exactly a ttu rewrite and....?
  2. Otherwise, suppose the types contains `objectType` which has a relation `viewer`, then recurse on `objectType#viewer, folder#viewer`

type LocalChecker added in v0.3.5 

type LocalChecker struct {
	// contains filtered or unexported fields
}

LocalChecker implements Check in a highly concurrent and localized manner. The Check resolution is limited per branch of evaluation by the concurrencyLimit.

func NewLocalChecker added in v0.3.5 

func NewLocalChecker(
	ds storage.RelationshipTupleReader,
	concurrencyLimit uint32,
) *LocalChecker

NewLocalChecker constructs a LocalChecker that can be used to evaluate a Check request locally and with a high degree of concurrency.

func (*LocalChecker) ResolveCheck added in v0.3.5 

func (c *LocalChecker) ResolveCheck(
	ctx context.Context,
	req *ResolveCheckRequest,
) (*ResolveCheckResponse, error)

type RelationshipIngress 

type RelationshipIngress struct {

	// The type of the relationship ingress
	Type RelationshipIngressType

	// The relationship reference that defines the ingress to some target relation
	Ingress *openfgapb.RelationReference

	// TuplesetRelation defines the tupleset relation reference that relates a source
	// object reference with a target if the type of the relationship ingress is that
	// of a TupleToUserset
	TuplesetRelation *openfgapb.RelationReference
}

RelationshipIngress represents a possible ingress point between some source object reference and a target user reference.

type RelationshipIngressType 

type RelationshipIngressType int

RelationshipIngressType is used to define an enum of the type of ingresses between source object references and target user references that exist in the graph of relationships. 

const (
	// DirectIngress defines a direct ingress connection between a source object reference
	// and some target user reference.
	DirectIngress RelationshipIngressType = iota
	TupleToUsersetIngress
	ComputedUsersetIngress
)

func (RelationshipIngressType) String added in v0.3.5 

func (r RelationshipIngressType) String() string

type ResolutionMetadata added in v0.3.5 

type ResolutionMetadata struct {
	Depth uint32
}

type ResolveCheckRequest added in v0.3.5 

type ResolveCheckRequest struct {
	StoreID              string
	AuthorizationModelID string
	TupleKey             *openfgapb.TupleKey
	ContextualTuples     []*openfgapb.TupleKey
	ResolutionMetadata   *ResolutionMetadata
}

func (*ResolveCheckRequest) GetAuthorizationModelID added in v0.3.5 

func (r *ResolveCheckRequest) GetAuthorizationModelID() string

func (*ResolveCheckRequest) GetContextualTuples added in v0.3.5 

func (r *ResolveCheckRequest) GetContextualTuples() []*openfgapb.TupleKey

func (*ResolveCheckRequest) GetResolutionMetadata added in v0.3.5 

func (r *ResolveCheckRequest) GetResolutionMetadata() *ResolutionMetadata

func (*ResolveCheckRequest) GetStoreID added in v0.3.5 

func (r *ResolveCheckRequest) GetStoreID() string

func (*ResolveCheckRequest) GetTupleKey added in v0.3.5 

func (r *ResolveCheckRequest) GetTupleKey() *openfgapb.TupleKey

type ResolveCheckResponse added in v0.3.5 

type ResolveCheckResponse struct {
	Allowed bool
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.