-
Notifications
You must be signed in to change notification settings - Fork 245
/
check.go
51 lines (45 loc) · 1.84 KB
/
check.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
package development
import (
v1api "github.com/authzed/authzed-go/proto/authzed/api/v1"
"github.com/authzed/spicedb/internal/graph/computed"
v1 "github.com/authzed/spicedb/internal/services/v1"
core "github.com/authzed/spicedb/pkg/proto/core/v1"
v1dispatch "github.com/authzed/spicedb/pkg/proto/dispatch/v1"
)
// CheckResult is the result of a RunCheck operation.
type CheckResult struct {
Permissionship v1dispatch.ResourceCheckResult_Membership
MissingCaveatFields []string
DispatchDebugInfo *v1dispatch.DebugInformation
V1DebugInfo *v1api.DebugInformation
}
// RunCheck performs a check against the data in the development context.
//
// Note that it is up to the caller to call DistinguishGraphError on the error
// if they want to distinguish between user errors and internal errors.
func RunCheck(devContext *DevContext, resource *core.ObjectAndRelation, subject *core.ObjectAndRelation, caveatContext map[string]any) (CheckResult, error) {
ctx := devContext.Ctx
cr, meta, err := computed.ComputeCheck(ctx, devContext.Dispatcher,
computed.CheckParameters{
ResourceType: &core.RelationReference{
Namespace: resource.Namespace,
Relation: resource.Relation,
},
Subject: subject,
CaveatContext: caveatContext,
AtRevision: devContext.Revision,
MaximumDepth: maxDispatchDepth,
DebugOption: computed.TraceDebuggingEnabled,
},
resource.ObjectId,
)
if err != nil {
return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err
}
reader := devContext.Datastore.SnapshotReader(devContext.Revision)
converted, err := v1.ConvertCheckDispatchDebugInformation(ctx, caveatContext, meta, reader)
if err != nil {
return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err
}
return CheckResult{cr.Membership, cr.MissingExprFields, meta.DebugInfo, converted}, nil
}