Skip to content

Releases: cmmoran/keto

v0.12.0.alpha.1

22 Feb 12:54
d98dbdb
Compare
Choose a tag to compare

Full Changelog: https://github.com/cmmoran/keto/commits/v0.12.0.alpha.1

  • feat: nested arbitrary depth traversals
  • feat: subject == object ( this.equals(ctx.subject) ) and support for this syntax at any depth
  • feat: support for multiple binary/unary boolean operations within subject-set rewrite definitions
    • current parser only supports single comparison within a traverse statement. this release updates the parser to allow multiple "checks" under the same traversal context. Example:
related: {
  foo: Foo[]
}
permits = {
  allows: (ctx: Context): boolean =>
    this.related.foo.traverse(f => {
      f.related.bar.includes(ctx.subject) ||
      f.permits.allows(ctx)
    })
}
  • feat: added global semantic support for Intersections (to support currently-supported Unions).
    • current support for unions requires ALL entities to "implement" a relation in the case that a relation is "typed" to a Union type. This release supports "intersection types" that require only one member of the intersection type to implement the relation in question during a traversal.
  • feat: Simplified checks where the subject is expected to be a subject-id even though it was specified in a tuple as a subject-set. Ex:
Permission:admin-permissions#can_edit@User:Tom
Permission:admin-permissions#can_edit@Tom

The above tuple specifies two very different things. In the first, User:Tom is actually a subject-set with the relation of <blank> so canonically it could be fully expanded to: Permission:admin-permissions#can_edit@User:Tom#. This is unlikely to be the intent of the tuple creator. The second scenario defines Tom as a subject-id. Performing a check with the two above criterion will yield differing results unless BOTH tuples were added to the system. In the case of the first tuple, checks involving the subject-id Tom will return false. In the case of the second scenario, checks involving the subject-set User:Tom will also return false. This release normalizes the return values of this check by verifying that the ID in question, in this case Tom is exactly equal to the ID that was specified in the defining tuple.