From e790e6d8c65880de7abd67a0bbb3395fccf62da3 Mon Sep 17 00:00:00 2001 From: Alec Henninger Date: Tue, 16 May 2023 09:48:17 -0400 Subject: [PATCH 1/3] Explain arrow on subject relation I did not see the behavior of arrows on subject relations documented. This caught me, so I tried to explain here it based on the explanation by Joey in https://discord.com/channels/844600078504951838/1107792003120500766. --- docs/reference/schema-lang.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/reference/schema-lang.md b/docs/reference/schema-lang.md index 8f1095c4..3c462cb0 100644 --- a/docs/reference/schema-lang.md +++ b/docs/reference/schema-lang.md @@ -214,6 +214,13 @@ permission can_only_read = reader - writer Arrows allow for "walking" the heirarchy of relations (and permissions) defined for an object, referencing a permission or relation on the _resulting_ object. +::info When using the arrow operator on a subject relation, such as the `group#member` subject relation in the `relation member: user | group#member` example above, +the resulting object is the _subject_ of the subject relation, not the relation itself. + +That is, an expression like `member->verb` (where `member` was a `group#member`) would reference the `verb` permission on the related `group`, +not the `#member`s of the `group`. +:: + For example, imagine a schema where a document is found under a folder: ```zed From 005f7f92c8ec1cfa9bbc40340ee5f99c6588a75d Mon Sep 17 00:00:00 2001 From: Alec Henninger Date: Tue, 16 May 2023 19:37:57 -0400 Subject: [PATCH 2/3] Add missing colons --- docs/reference/schema-lang.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/schema-lang.md b/docs/reference/schema-lang.md index 3c462cb0..b5e2c091 100644 --- a/docs/reference/schema-lang.md +++ b/docs/reference/schema-lang.md @@ -214,12 +214,12 @@ permission can_only_read = reader - writer Arrows allow for "walking" the heirarchy of relations (and permissions) defined for an object, referencing a permission or relation on the _resulting_ object. -::info When using the arrow operator on a subject relation, such as the `group#member` subject relation in the `relation member: user | group#member` example above, +:::info When using the arrow operator on a subject relation, such as the `group#member` subject relation in the `relation member: user | group#member` example above, the resulting object is the _subject_ of the subject relation, not the relation itself. That is, an expression like `member->verb` (where `member` was a `group#member`) would reference the `verb` permission on the related `group`, not the `#member`s of the `group`. -:: +::: For example, imagine a schema where a document is found under a folder: From 4320f700378a25d38d46ac87c1282c8cd8d46bde Mon Sep 17 00:00:00 2001 From: Alec Henninger Date: Mon, 22 May 2023 21:05:51 -0400 Subject: [PATCH 3/3] Update schema-lang.md Fix section heading --- docs/reference/schema-lang.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/reference/schema-lang.md b/docs/reference/schema-lang.md index b5e2c091..5eb67123 100644 --- a/docs/reference/schema-lang.md +++ b/docs/reference/schema-lang.md @@ -214,11 +214,10 @@ permission can_only_read = reader - writer Arrows allow for "walking" the heirarchy of relations (and permissions) defined for an object, referencing a permission or relation on the _resulting_ object. -:::info When using the arrow operator on a subject relation, such as the `group#member` subject relation in the `relation member: user | group#member` example above, -the resulting object is the _subject_ of the subject relation, not the relation itself. +:::info +When using the arrow operator on a subject relation, such as the `group#member` subject relation in the `relation member: user | group#member` example above, the resulting object is the _subject_ of the subject relation, not the relation itself. -That is, an expression like `member->verb` (where `member` was a `group#member`) would reference the `verb` permission on the related `group`, -not the `#member`s of the `group`. +That is, an expression like `member->verb` (where `member` was a `group#member`) would reference the `verb` permission on the related `group`, not the `#member`s of the `group`. ::: For example, imagine a schema where a document is found under a folder: