MCPcopy
hub / github.com/ory/keto / CheckRelationTuple

Method CheckRelationTuple

internal/check/engine.go:78–97  ·  view source on GitHub ↗

CheckRelationTuple checks if the relation tuple's subject has the relation on the object in the namespace either directly or indirectly and returns a check result.

(ctx context.Context, r *relationTuple, restDepth int)

Source from the content-addressed store, hash-verified

76// the object in the namespace either directly or indirectly and returns a check
77// result.
78func (e *Engine) CheckRelationTuple(ctx context.Context, r *relationTuple, restDepth int) (res checkgroup.Result) {
79 ctx, span := e.d.Tracer(ctx).Tracer().Start(ctx, "Engine.CheckRelationTuple")
80 defer otelx.End(span, &res.Err)
81
82 // global max-depth takes precedence when it is the lesser or if the request
83 // max-depth is less than or equal to 0
84 if globalMaxDepth := e.d.Config(ctx).MaxReadDepth(); restDepth <= 0 || globalMaxDepth < restDepth {
85 restDepth = globalMaxDepth
86 }
87
88 resultCh := make(chan checkgroup.Result)
89 go e.checkIsAllowed(ctx, r, restDepth, false)(ctx, resultCh)
90 select {
91 case result := <-resultCh:
92 trace.SpanFromContext(ctx).AddEvent(events.NewPermissionsChecked(ctx))
93 return result
94 case <-ctx.Done():
95 return checkgroup.Result{Err: errors.WithStack(ctx.Err())}
96 }
97}
98
99// checkExpandSubject checks the expansions of the subject set of the tuple.
100//

Callers 5

CheckIsMemberMethod · 0.95
BatchCheckMethod · 0.95
BenchmarkCheckEngineFunction · 0.95
TestUsersetRewritesFunction · 0.95

Calls 6

checkIsAllowedMethod · 0.95
NewPermissionsCheckedFunction · 0.92
MaxReadDepthMethod · 0.80
TracerMethod · 0.65
ConfigMethod · 0.65
DoneMethod · 0.65

Tested by 3

BenchmarkCheckEngineFunction · 0.76
TestUsersetRewritesFunction · 0.76