CheckRelationTuple checks if the relation tuple's subject has the relation on the object in the namespace either directly or indirectly and returns a check result.
(ctx context.Context, r *relationTuple, restDepth int)
| 76 | // the object in the namespace either directly or indirectly and returns a check |
| 77 | // result. |
| 78 | func (e *Engine) CheckRelationTuple(ctx context.Context, r *relationTuple, restDepth int) (res checkgroup.Result) { |
| 79 | ctx, span := e.d.Tracer(ctx).Tracer().Start(ctx, "Engine.CheckRelationTuple") |
| 80 | defer otelx.End(span, &res.Err) |
| 81 | |
| 82 | // global max-depth takes precedence when it is the lesser or if the request |
| 83 | // max-depth is less than or equal to 0 |
| 84 | if globalMaxDepth := e.d.Config(ctx).MaxReadDepth(); restDepth <= 0 || globalMaxDepth < restDepth { |
| 85 | restDepth = globalMaxDepth |
| 86 | } |
| 87 | |
| 88 | resultCh := make(chan checkgroup.Result) |
| 89 | go e.checkIsAllowed(ctx, r, restDepth, false)(ctx, resultCh) |
| 90 | select { |
| 91 | case result := <-resultCh: |
| 92 | trace.SpanFromContext(ctx).AddEvent(events.NewPermissionsChecked(ctx)) |
| 93 | return result |
| 94 | case <-ctx.Done(): |
| 95 | return checkgroup.Result{Err: errors.WithStack(ctx.Err())} |
| 96 | } |
| 97 | } |
| 98 | |
| 99 | // checkExpandSubject checks the expansions of the subject set of the tuple. |
| 100 | // |