chore: cleanup old code and move some files (#305)

ory · Nov 10, 2020 · 19f88a2 · 19f88a2
1 parent 8d3ab23
commit 19f88a2
Show file tree

Hide file tree

Showing 27 changed files with 808 additions and 930 deletions.
diff --git a/Makefile b/Makefile
@@ -66,4 +66,4 @@ docker: deps
 
 .PHONY: gen-protobuf
 gen-protobuf:
-		protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative models/*.proto
+		protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative relationtuple/*.proto
diff --git a/check/engine.go b/check/engine.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/ory/keto/models"
 	"github.com/ory/keto/relationtuple"
 )
 
@@ -27,11 +26,11 @@ func NewEngine(d engineDependencies) *Engine {
 	}
 }
 
-func equalRelation(a, b *models.InternalRelationTuple) bool {
+func equalRelation(a, b *relationtuple.InternalRelationTuple) bool {
 	return a.Relation == b.Relation && a.Subject.Equals(b.Subject) && a.Object.Equals(b.Object)
 }
 
-func (e *Engine) subjectIsAllowed(ctx context.Context, requested *models.InternalRelationTuple, subjectRelations []*models.InternalRelationTuple) (bool, error) {
+func (e *Engine) subjectIsAllowed(ctx context.Context, requested *relationtuple.InternalRelationTuple, subjectRelations []*relationtuple.InternalRelationTuple) (bool, error) {
 	// This is the same as the graph problem "can requested.ObjectID be reached from requested.SubjectID through the incoming edge requested.Name"
 	//
 	// recursive breadth-first search
@@ -49,7 +48,7 @@ func (e *Engine) subjectIsAllowed(ctx context.Context, requested *models.Interna
 		prevRelationsLen := len(subjectRelations)
 
 		// compute one indirection
-		indirect, err := e.d.RelationTupleManager().GetRelationTuples(ctx, &models.RelationQuery{Subject: sr.DeriveSubject()})
+		indirect, err := e.d.RelationTupleManager().GetRelationTuples(ctx, &relationtuple.RelationQuery{Subject: sr.DeriveSubject()})
 		if err != nil {
 			// TODO fix error handling
 			_, _ = fmt.Fprintf(os.Stderr, "%+v", err)
@@ -81,8 +80,8 @@ func (e *Engine) subjectIsAllowed(ctx context.Context, requested *models.Interna
 	return res, nil
 }
 
-func (e *Engine) SubjectIsAllowed(ctx context.Context, r *models.InternalRelationTuple) (bool, error) {
-	subjectRelations, err := e.d.RelationTupleManager().GetRelationTuples(ctx, &models.RelationQuery{Subject: r.Subject})
+func (e *Engine) SubjectIsAllowed(ctx context.Context, r *relationtuple.InternalRelationTuple) (bool, error) {
+	subjectRelations, err := e.d.RelationTupleManager().GetRelationTuples(ctx, &relationtuple.RelationQuery{Subject: r.Subject})
 	if err != nil {
 		return false, err
 	}

diff --git a/check/engine_test.go b/check/engine_test.go
@@ -4,24 +4,25 @@ import (
 	"context"
 	"testing"
 
+	"github.com/ory/keto/relationtuple"
+
 	"github.com/ory/keto/check"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
 	"github.com/ory/keto/driver"
-	"github.com/ory/keto/models"
 )
 
 func TestEngine(t *testing.T) {
 	t.Run("direct inclusion", func(t *testing.T) {
-		rel := models.InternalRelationTuple{
+		rel := relationtuple.InternalRelationTuple{
 			Relation: "access",
-			Object: &models.Object{
+			Object: &relationtuple.Object{
 				ID:        "object",
 				Namespace: "test",
 			},
-			Subject: &models.UserID{ID: "user"},
+			Subject: &relationtuple.UserID{ID: "user"},
 		}
 
 		reg := &driver.RegistryDefault{}
@@ -36,22 +37,22 @@ func TestEngine(t *testing.T) {
 
 	t.Run("indirect inclusion level 1", func(t *testing.T) {
 		// the set of users that are produces of "dust" have to remove it
-		dust := models.Object{
+		dust := relationtuple.Object{
 			ID:        "dust",
 			Namespace: "under the sofa",
 		}
-		mark := models.UserID{
+		mark := relationtuple.UserID{
 			ID: "Mark",
 		}
-		cleaningRelation := models.InternalRelationTuple{
+		cleaningRelation := relationtuple.InternalRelationTuple{
 			Relation: "have to remove",
 			Object:   &dust,
-			Subject: &models.UserSet{
+			Subject: &relationtuple.UserSet{
 				Relation: "producer",
 				Object:   &dust,
 			},
 		}
-		markProducesDust := models.InternalRelationTuple{
+		markProducesDust := relationtuple.InternalRelationTuple{
 			Relation: "producer",
 			Object:   &dust,
 			Subject:  &mark,
@@ -62,7 +63,7 @@ func TestEngine(t *testing.T) {
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: cleaningRelation.Relation,
 			Object:   &dust,
 			Subject:  &mark,
@@ -72,12 +73,12 @@ func TestEngine(t *testing.T) {
 	})
 
 	t.Run("direct exclusion", func(t *testing.T) {
-		user := &models.UserID{
+		user := &relationtuple.UserID{
 			ID: "user-id",
 		}
-		rel := models.InternalRelationTuple{
+		rel := relationtuple.InternalRelationTuple{
 			Relation: "relation",
-			Object: &models.Object{
+			Object: &relationtuple.Object{
 				ID:        "object-id",
 				Namespace: "object-namespace",
 			},
@@ -89,39 +90,39 @@ func TestEngine(t *testing.T) {
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: rel.Relation,
 			Object:   rel.Object,
-			Subject:  &models.UserID{ID: "not " + user.ID},
+			Subject:  &relationtuple.UserID{ID: "not " + user.ID},
 		})
 		require.NoError(t, err)
 		assert.False(t, res)
 	})
 
 	t.Run("wrong object ID", func(t *testing.T) {
-		object := models.Object{
+		object := relationtuple.Object{
 			ID: "object",
 		}
-		access := models.InternalRelationTuple{
+		access := relationtuple.InternalRelationTuple{
 			Relation: "access",
 			Object:   &object,
-			Subject: &models.UserSet{
+			Subject: &relationtuple.UserSet{
 				Relation: "owner",
 				Object:   &object,
 			},
 		}
-		user := models.InternalRelationTuple{
+		user := relationtuple.InternalRelationTuple{
 			Relation: "owner",
-			Object:   &models.Object{ID: "not " + object.ID},
-			Subject:  &models.UserID{ID: "user"},
+			Object:   &relationtuple.Object{ID: "not " + object.ID},
+			Subject:  &relationtuple.UserID{ID: "user"},
 		}
 
 		reg := &driver.RegistryDefault{}
 		require.NoError(t, reg.RelationTupleManager().WriteRelationTuples(context.Background(), &access, &user))
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: access.Relation,
 			Object:   &object,
 			Subject:  user.Subject,
@@ -131,31 +132,31 @@ func TestEngine(t *testing.T) {
 	})
 
 	t.Run("wrong relation name", func(t *testing.T) {
-		diaryEntry := &models.Object{
+		diaryEntry := &relationtuple.Object{
 			ID:        "entry for 6. Nov 2020",
 			Namespace: "diary",
 		}
 		// this would be a userset rewrite
-		readDiary := models.InternalRelationTuple{
+		readDiary := relationtuple.InternalRelationTuple{
 			Relation: "read",
 			Object:   diaryEntry,
-			Subject: &models.UserSet{
+			Subject: &relationtuple.UserSet{
 				Relation: "author",
 				Object:   diaryEntry,
 			},
 		}
-		user := models.InternalRelationTuple{
+		user := relationtuple.InternalRelationTuple{
 			Relation: "not author",
 			Object:   diaryEntry,
-			Subject:  &models.UserID{ID: "your mother"},
+			Subject:  &relationtuple.UserID{ID: "your mother"},
 		}
 
 		reg := &driver.RegistryDefault{}
 		require.NoError(t, reg.RelationTupleManager().WriteRelationTuples(context.Background(), &readDiary, &user))
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: readDiary.Relation,
 			Object:   diaryEntry,
 			Subject:  user.Subject,
@@ -165,38 +166,38 @@ func TestEngine(t *testing.T) {
 	})
 
 	t.Run("indirect inclusion level 2", func(t *testing.T) {
-		object := models.Object{
+		object := relationtuple.Object{
 			ID:        "some object",
 			Namespace: "some namespace",
 		}
-		user := models.UserID{
+		user := relationtuple.UserID{
 			ID: "some user",
 		}
-		organization := models.Object{
+		organization := relationtuple.Object{
 			ID:        "some organization",
 			Namespace: "all organizations",
 		}
 
-		ownerUserSet := models.UserSet{
+		ownerUserSet := relationtuple.UserSet{
 			Relation: "owner",
 			Object:   &object,
 		}
-		orgMembers := models.UserSet{
+		orgMembers := relationtuple.UserSet{
 			Relation: "member",
 			Object:   &organization,
 		}
 
-		writeRel := models.InternalRelationTuple{
+		writeRel := relationtuple.InternalRelationTuple{
 			Relation: "write",
 			Object:   &object,
 			Subject:  &ownerUserSet,
 		}
-		orgOwnerRel := models.InternalRelationTuple{
+		orgOwnerRel := relationtuple.InternalRelationTuple{
 			Relation: ownerUserSet.Relation,
 			Object:   &object,
 			Subject:  &orgMembers,
 		}
-		userMembershipRel := models.InternalRelationTuple{
+		userMembershipRel := relationtuple.InternalRelationTuple{
 			Relation: orgMembers.Relation,
 			Object:   orgMembers.Object,
 			Subject:  &user,
@@ -208,7 +209,7 @@ func TestEngine(t *testing.T) {
 		e := check.NewEngine(reg)
 
 		// user can write object
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: writeRel.Relation,
 			Object:   &object,
 			Subject:  &user,
@@ -217,7 +218,7 @@ func TestEngine(t *testing.T) {
 		assert.True(t, res)
 
 		// user is member of the organization
-		res, err = e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err = e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: orgMembers.Relation,
 			Object:   &organization,
 			Subject:  &user,
@@ -233,31 +234,31 @@ func TestEngine(t *testing.T) {
 		// as we don't know how to interpret the "parent" relation, there would have to be a userset rewrite to allow access
 		// to files when you have access to the parent
 
-		file := models.Object{ID: "file"}
-		directory := models.Object{ID: "directory"}
-		user := models.UserID{ID: "user"}
+		file := relationtuple.Object{ID: "file"}
+		directory := relationtuple.Object{ID: "directory"}
+		user := relationtuple.UserID{ID: "user"}
 
-		parent := models.InternalRelationTuple{
+		parent := relationtuple.InternalRelationTuple{
 			Relation: "parent",
 			Object:   &file,
-			Subject: &models.UserSet{ // <- this is only an object, but this is allowed as a userset can have the "..." relation which means any relation
+			Subject: &relationtuple.UserSet{ // <- this is only an object, but this is allowed as a userset can have the "..." relation which means any relation
 				Object: &directory,
 			},
 		}
-		directoryAccess := models.InternalRelationTuple{
+		directoryAccess := relationtuple.InternalRelationTuple{
 			Relation: "access",
 			Object:   &directory,
 			Subject:  &user,
 		}
 
 		reg := &driver.RegistryDefault{}
-		for _, r := range []*models.InternalRelationTuple{&parent, &directoryAccess} {
+		for _, r := range []*relationtuple.InternalRelationTuple{&parent, &directoryAccess} {
 			require.NoError(t, reg.RelationTupleManager().WriteRelationTuples(context.Background(), r))
 		}
 
 		e := check.NewEngine(reg)
 
-		res, err := e.SubjectIsAllowed(context.Background(), &models.InternalRelationTuple{
+		res, err := e.SubjectIsAllowed(context.Background(), &relationtuple.InternalRelationTuple{
 			Relation: directoryAccess.Relation,
 			Object:   &file,
 			Subject:  &user,

diff --git a/check/handler.go b/check/handler.go
@@ -3,9 +3,10 @@ package check
 import (
 	"net/http"
 
+	"github.com/ory/keto/relationtuple"
+
 	"github.com/julienschmidt/httprouter"
 
-	"github.com/ory/keto/models"
 	"github.com/ory/keto/x"
 )
 
@@ -35,10 +36,10 @@ func (h *handler) getCheck(w http.ResponseWriter, r *http.Request, _ httprouter.
 	objectID := r.URL.Query().Get("object-id")
 	relationName := r.URL.Query().Get("relation-name")
 
-	res, err := h.d.PermissionEngine().SubjectIsAllowed(r.Context(), &models.InternalRelationTuple{
+	res, err := h.d.PermissionEngine().SubjectIsAllowed(r.Context(), &relationtuple.InternalRelationTuple{
 		Relation: relationName,
-		Object:   (&models.Object{}).FromString(objectID),
-		Subject:  models.SubjectFromString(subjectID),
+		Object:   (&relationtuple.Object{}).FromString(objectID),
+		Subject:  relationtuple.SubjectFromString(subjectID),
 	})
 	if err != nil {
 		h.d.Writer().WriteError(w, r, err)