This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
ListObjects fails to retrieve all items #104
Comments
|
Thanks for raising this issue @danmunteanuevo! Please note the Just so that we enough data to know if this is a known issue or a new one can I ask you to share:
|
|
OpenFGA Latest Docker from 4 days ago: [v0.3.1] |
|
I have enabled on the docker the --experimentals="list-objects-optimized". The query are now faster for the other users/access rights and they work. |
|
It it planned to ever support returning all items a user has a relationship with? So that I can use |
@robinmanuelthiel it already is supported, but not well documented. If you provide a zero value for that config then it won't prematurely terminate. You can also use the StreamedListObjects API for streaming semantics, which may work better for your use case. The danger with disabling (with zero values) the Unfortunately, given the nature of the query resolution (it's a recursive breadth first search of a relationship graph), it's hard to paginate this dataset because it's not a fixed dataset and the graph evaluation is done concurrently (and thus is not ordered). The query is implemented as a dynamic graph traversal over relational data. This makes it particularly challenging to paginate, and hence the reason why we've chosen these alternative tradeoffs. I recommend giving the StreamedListObjects API a try and see how that works for you. Disable the |
|
@jon-whit Thanks a lot for the detailed answer. Will give it a try and report back! Did I understand correctly, that streaming the results still requires a lot of calculation on the server and still gets throttled or limited by the |
@robinmanuelthiel That is correct, yes. That's a perfect way to describe it. It's a more responsive way to receive the result stream, whereas the alternative |
|
@jon-whit Thanks for clarifying. Are there any plans to ever support pagination or something similar? My use-case is search, so I need to get all items of type Foo a user has access to and then filter my search results to only include these. As I am building a multi-tenant system, I can't afford that one search affects the permissions-performance for all other tenants, I am looking for a solution that gives me a paginated list of all items a user can access without running into memory/time issues on the permissions server :/ |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Although assert validates a read user from AdminTeam that it has read right to a certain resource,
the ListObjects method does not return all items that it actually has read access, and some times it returns different results on back to back calls.
Authorization Model (Schema v1.1)
DSL
JSON:
{ "schema_version": "1.1", "type_definitions": [{ "type": "organization", "relations": { "admin_team": { "this": {} }, "has_delete": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "owner_user" } }, { "tupleToUserset": { "tupleset": { "object": "", "relation": "admin_team" }, "computedUserset": { "object": "", "relation": "has_delete" } } }] } }, "has_read": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "has_write" } }, { "computedUserset": { "object": "", "relation": "read_user" } }, { "tupleToUserset": { "tupleset": { "object": "", "relation": "admin_team" }, "computedUserset": { "object": "", "relation": "has_read" } } }] } }, "has_write": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "owner_user" } }, { "computedUserset": { "object": "", "relation": "write_user" } }, { "tupleToUserset": { "tupleset": { "object": "", "relation": "admin_team" }, "computedUserset": { "object": "", "relation": "has_write" } } }] } }, "owner_user": { "this": {} }, "read_user": { "this": {} }, "write_user": { "this": {} } }, "metadata": { "relations": { "admin_team": { "directly_related_user_types": [{ "type": "super_team" }] }, "has_delete": { "directly_related_user_types": [] }, "has_read": { "directly_related_user_types": [] }, "has_write": { "directly_related_user_types": [] }, "owner_user": { "directly_related_user_types": [{ "type": "user" }] }, "read_user": { "directly_related_user_types": [{ "type": "user" }] }, "write_user": { "directly_related_user_types": [{ "type": "user" }] } } } }, { "type": "organization_resource", "relations": { "has_delete": { "tupleToUserset": { "tupleset": { "object": "", "relation": "parent_org" }, "computedUserset": { "object": "", "relation": "has_delete" } } }, "has_read": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "has_write" } }, { "tupleToUserset": { "tupleset": { "object": "", "relation": "parent_org" }, "computedUserset": { "object": "", "relation": "has_read" } } }] } }, "has_write": { "tupleToUserset": { "tupleset": { "object": "", "relation": "parent_org" }, "computedUserset": { "object": "", "relation": "has_write" } } }, "parent_org": { "this": {} } }, "metadata": { "relations": { "has_delete": { "directly_related_user_types": [] }, "has_read": { "directly_related_user_types": [] }, "has_write": { "directly_related_user_types": [] }, "parent_org": { "directly_related_user_types": [{ "type": "organization" }] } } } }, { "type": "super_team", "relations": { "has_delete": { "computedUserset": { "object": "", "relation": "manager_user" } }, "has_read": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "has_write" } }, { "computedUserset": { "object": "", "relation": "read_user" } }] } }, "has_write": { "union": { "child": [{ "computedUserset": { "object": "", "relation": "manager_user" } }, { "computedUserset": { "object": "", "relation": "write_user" } }] } }, "manager_user": { "this": {} }, "read_user": { "this": {} }, "write_user": { "this": {} } }, "metadata": { "relations": { "has_delete": { "directly_related_user_types": [] }, "has_read": { "directly_related_user_types": [] }, "has_write": { "directly_related_user_types": [] }, "manager_user": { "directly_related_user_types": [{ "type": "user" }] }, "read_user": { "directly_related_user_types": [{ "type": "user" }] }, "write_user": { "directly_related_user_types": [{ "type": "user" }] } } } }, { "type": "user", "relations": {} }] }The text was updated successfully, but these errors were encountered: