feat: add check engine #277

Merged
merged 8 commits into from
Nov 6, 2020

@zepatrik zepatrik commented Oct 26, 2020

Proposed changes

This adds an engine that is able to check permission requests.
In the relation model, the key UserID was renamed to SubjectID as it can contain users and user sets alike.

The algorithm works by breadth-first search. It walks the graph of relations that apply to one subject recursively and checks whether there is a path from subject to object containing an edge labeled relation name.

The following example pictures simple relations and the corresponding graph (notation like in the Zanzibar paper):

organization#member@user              <-- user is member of organization
object#owner@(organization#member)    <-- every organization member is owner of object
object#write@(object#owner)           <-- every object owner is allowed to write object

Request could be e.g.:

object#write@user            <-- is user allowed to write object?

@aeneasr aeneasr self-requested a review October 26, 2020 15:15
@zepatrik zepatrik merged commit 396c1ae into zanzibar Nov 6, 2020
@zepatrik zepatrik deleted the check-engine branch November 6, 2020 15:26
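
A breadth-first check over the example relations from the description, as an added illustration that is not the code merged in this PR. The `Tuple` type, `Check`, `exampleTuples`, the search direction (expanding from the requested `object#relation` towards the subject) and the extra cyclic tuple are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Tuple is Object#Relation@Subject; Subject is an ID or a set like "organization#member".
type Tuple struct{ Object, Relation, Subject string }

// exampleTuples: the PR's three relations plus one constructed cyclic tuple.
func exampleTuples() []Tuple {
	return []Tuple{
		{"organization", "member", "user"},
		{"object", "owner", "organization#member"},
		{"object", "write", "object#owner"},
		{"object", "owner", "object#write"}, // constructed cycle
	}
}

// Check answers object#relation@subject by breadth-first search.
func Check(tuples []Tuple, object, relation, subject string) bool {
	start := object + "#" + relation
	queue := []string{start}
	visited := map[string]bool{start: true} // prevents looping on cyclic sets
	for len(queue) > 0 {
		set := queue[0]
		queue = queue[1:]
		for _, t := range tuples {
			if t.Object+"#"+t.Relation != set {
				continue
			}
			if t.Subject == subject {
				return true // direct edge to the requested subject
			}
			// Only subject sets (containing '#') are expanded further.
			if strings.Contains(t.Subject, "#") && !visited[t.Subject] {
				visited[t.Subject] = true
				queue = append(queue, t.Subject)
			}
		}
	}
	return false // deny by default: no path found
}

func main() {
	fmt.Println(Check(exampleTuples(), "object", "write", "user")) // true
}
```

Without the visited set, the constructed `object#owner` / `object#write` cycle would make a request for an unrelated subject loop forever instead of returning a denial.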