(ctx context.Context, start *relationtuple.RelationTuple, computedSubjectSets []string)
| 118 | } |
| 119 | |
| 120 | func (t *Traverser) TraverseSubjectSetRewrite(ctx context.Context, start *relationtuple.RelationTuple, computedSubjectSets []string) (res []*relationtuple.TraversalResult, err error) { |
| 121 | ctx, span := t.d.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.TraverseSubjectSetRewrite") |
| 122 | defer otelx.End(span, &err) |
| 123 | |
| 124 | namespaceManager, err := t.d.Config(ctx).NamespaceManager() |
| 125 | if err != nil { |
| 126 | return nil, err |
| 127 | } |
| 128 | |
| 129 | var relations []string |
| 130 | for _, relation := range computedSubjectSets { |
| 131 | astRel, _ := namespace.ASTRelationFor(ctx, namespaceManager, start.Namespace, relation) |
| 132 | // In strict mode, we can skip querying for those relations that have userset rewrites defined, |
| 133 | // because we can already apply those rewrites in memory. |
| 134 | if t.d.Config(ctx).StrictMode() && astRel != nil && astRel.SubjectSetRewrite != nil { |
| 135 | continue |
| 136 | } |
| 137 | relations = append(relations, relation) |
| 138 | } |
| 139 | |
| 140 | if len(relations) > 0 { |
| 141 | var rows relationTuples |
| 142 | |
| 143 | query := t.p.queryWithNetwork(ctx) |
| 144 | if err := t.p.whereQuery(ctx, query, &relationtuple.RelationQuery{ |
| 145 | Namespace: &start.Namespace, |
| 146 | Object: &start.Object, |
| 147 | Subject: start.Subject, |
| 148 | }); err != nil { |
| 149 | return nil, err |
| 150 | } |
| 151 | err = query.Where("relation IN (?)", relations).Limit(1).All(&rows) |
| 152 | if err != nil { |
| 153 | return nil, sqlcon.HandleError(err) |
| 154 | } |
| 155 | |
| 156 | // If we got any rows back, success! |
| 157 | if len(rows) > 0 { |
| 158 | r := rows[0] |
| 159 | to := r.ToInternal() |
| 160 | return []*relationtuple.TraversalResult{{ |
| 161 | From: start, |
| 162 | To: to, |
| 163 | Via: relationtuple.TraversalComputedUserset, |
| 164 | Found: true, |
| 165 | }}, nil |
| 166 | } |
| 167 | } |
| 168 | |
| 169 | // Otherwise, the next candidates are those tuples with relations from the rewrite |
| 170 | for _, relation := range computedSubjectSets { |
| 171 | res = append(res, &relationtuple.TraversalResult{ |
| 172 | From: start, |
| 173 | To: &relationtuple.RelationTuple{ |
| 174 | Namespace: start.Namespace, |
| 175 | Object: start.Object, |
| 176 | Relation: relation, |
| 177 | Subject: start.Subject, |
nothing calls this directly
no test coverage detected