feat: allow permits referencing permits
You can now use `this.permits.<permission>(ctx)` to reference another
permission in a permission declaration.

Example:

  comment: (ctx: Context) => this.permits.read(ctx)
hperl committed Oct 12, 2022
1 parent b51d215 commit c4d84f6
Showing 3 changed files with 38 additions and 10 deletions.
@@ -60,6 +60,17 @@
]
}
},
{
"name": "comment",
"rewrite": {
"operator": "or",
"children": [
{
"relation": "read"
}
]
}
},
{
"name": "update",
"rewrite": {
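--- a/internal/schema/parser.go
+++ b/internal/schema/parser.go
@@ -395,18 +395,36 @@ func setOperation(typ itemType) ast.Operator {
 }
 
 func (p *parser) parsePermissionExpression() (child ast.Child) {
-var name item
+var name, verb item
 
-if !p.match("this", ".", "related", ".", &name, ".") {
+if !p.match("this", ".", &verb, ".", &name) {
 return
 }
-switch item := p.next(); item.Val {
-case "traverse":
-child = p.parseTupleToSubjectSet(name)
-case "includes":
-child = p.parseComputedSubjectSet(name)
+
+switch verb.Val {
+case "related":
+if !p.match(".") {
+return
+}
+switch item := p.next(); item.Val {
+case "traverse":
+child = p.parseTupleToSubjectSet(name)
+case "includes":
+child = p.parseComputedSubjectSet(name)
+default:
+p.addFatal(item, "expected 'traverse' or 'includes', got %q", item.Val)
+}
+
+case "permits":
+if !p.match("(", "ctx", ")") {
+return
+}
+p.addCheck(checkCurrentNamespaceHasRelation(&p.namespace, name))
+return &ast.ComputedSubjectSet{Relation: name.Val}
+
 default:
-p.addFatal(item, "expected 'traverse' or 'includes', got %q", item.Val)
+p.addFatal(verb, "expected 'related' or 'permits', got %q", verb.Val)
+
 }
 
 return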
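Review bot: Nothing in the new `permits` branch rejects a permission that references itself or a cycle of permissions: `this.permits.read(ctx)` inside the `read` declaration would pass `checkCurrentNamespaceHasRelation` (judging by its name, it only confirms the relation exists) and return a `ComputedSubjectSet` pointing back at itself. Whether the check engine bounds evaluation depth is not visible here, so for an authorization schema it is worth either adding a parse-time cycle check next to the `addCheck` call or documenting the assumption, e.g. `// NOTE: cycles between permits are not detected here; evaluation depth must be bounded by the check engine.` The test change only covers the positive case; a negative case for an unknown permission and for an unknown verb (the new `expected 'related' or 'permits'` error) would pin the behaviour. parsePermissionExpression's closing brace lies outside the hunk.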
3 changes: 1 addition & 2 deletions internal/schema/parser_test.go
@@ -95,8 +95,7 @@ class Resource implements Namespace {
this.related.medicalAnnotators.traverse((role) => role.related.member.includes(ctx.subject)) ||
this.related.supervisors.traverse((role) => role.related.member.includes(ctx.subject)),
// TODO: support referencing permits.
// comment: (ctx: Context) => this.permits.read(ctx),
comment: (ctx: Context) => this.permits.read(ctx),
update: (ctx: Context) => this.related.admins.traverse((role) => role.related.member.includes(ctx.subject)) ||
this.related.annotators.traverse((role) => role.related.member.includes(ctx.subject)) ||
