MCPcopy
hub / github.com/ory/keto / TraverseSubjectSetRewrite

Method TraverseSubjectSetRewrite

internal/persistence/sql/traverser.go:120–185  ·  view source on GitHub ↗
(ctx context.Context, start *relationtuple.RelationTuple, computedSubjectSets []string)

Source from the content-addressed store, hash-verified

118}
119
120func (t *Traverser) TraverseSubjectSetRewrite(ctx context.Context, start *relationtuple.RelationTuple, computedSubjectSets []string) (res []*relationtuple.TraversalResult, err error) {
121 ctx, span := t.d.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.TraverseSubjectSetRewrite")
122 defer otelx.End(span, &err)
123
124 namespaceManager, err := t.d.Config(ctx).NamespaceManager()
125 if err != nil {
126 return nil, err
127 }
128
129 var relations []string
130 for _, relation := range computedSubjectSets {
131 astRel, _ := namespace.ASTRelationFor(ctx, namespaceManager, start.Namespace, relation)
132 // In strict mode, we can skip querying for those relations that have userset rewrites defined,
133 // because we can already apply those rewrites in memory.
134 if t.d.Config(ctx).StrictMode() && astRel != nil && astRel.SubjectSetRewrite != nil {
135 continue
136 }
137 relations = append(relations, relation)
138 }
139
140 if len(relations) > 0 {
141 var rows relationTuples
142
143 query := t.p.queryWithNetwork(ctx)
144 if err := t.p.whereQuery(ctx, query, &relationtuple.RelationQuery{
145 Namespace: &start.Namespace,
146 Object: &start.Object,
147 Subject: start.Subject,
148 }); err != nil {
149 return nil, err
150 }
151 err = query.Where("relation IN (?)", relations).Limit(1).All(&rows)
152 if err != nil {
153 return nil, sqlcon.HandleError(err)
154 }
155
156 // If we got any rows back, success!
157 if len(rows) > 0 {
158 r := rows[0]
159 to := r.ToInternal()
160 return []*relationtuple.TraversalResult{{
161 From: start,
162 To: to,
163 Via: relationtuple.TraversalComputedUserset,
164 Found: true,
165 }}, nil
166 }
167 }
168
169 // Otherwise, the next candidates are those tuples with relations from the rewrite
170 for _, relation := range computedSubjectSets {
171 res = append(res, &relationtuple.TraversalResult{
172 From: start,
173 To: &relationtuple.RelationTuple{
174 Namespace: start.Namespace,
175 Object: start.Object,
176 Relation: relation,
177 Subject: start.Subject,

Callers

nothing calls this directly

Calls 8

ASTRelationForFunction · 0.92
StrictModeMethod · 0.80
queryWithNetworkMethod · 0.80
whereQueryMethod · 0.80
ToInternalMethod · 0.80
TracerMethod · 0.65
NamespaceManagerMethod · 0.65
ConfigMethod · 0.65

Tested by

no test coverage detected