#Check Access Control

Hello @ancient helm , the correct PATH should be POST /v1/tenants/{tenant_id}/permissions/check. Thank you for pointing that out; we will correct it as soon as possible. For the other issue, can you share me node code and HTTP request?

Check Access Control

I'll share the result to start off with:

grpc:

 {
   tenantId: 'ez_01HQB8Y38WNGBF7A4NSBBZJEWC',
   metadata: { snapToken: '', schemaVersion: 'cni6cpauhkuc73dn4gf0', depth: 20 },
   entity: { type: 'todo', id: 'all' },
   permission: 'create',
   subject: { type: 'user', id: 'e4b4552a-7bf5-4a2c-a284-3bff0dc59dc7' }
 }

 {
    "message": "Permission allowed",
    "response": {
        "can": 2,
        "metadata": {
            "checkCount": 1
        }
    }
}

http:

http://localhost:3476/v1/tenants/ez_01HQB8Y38WNGBF7A4NSBBZJEWC/permissions/check

 {
   metadata: { snap_token: '', schema_version: 'cni6cpauhkuc73dn4gf0', depth: 20 },
   entity: { type: 'todo', id: 'all' },
   permission: 'create',
   subject: { type: 'user', id: 'e4b4552a-7bf5-4a2c-a284-3bff0dc59dc7' }
 }

 { can: 'CHECK_RESULT_DENIED', metadata: { check_count: 1 } }

as you can see. the grpc check succeeds, but the http fails. although they have the same payloads.

the issue isn't about grpc. as I want to move away from that anyway.

the issue is that the http request fails.

i've also tested via postman and get the same result (using http)

can: 2 means denied in Permify

that's interesting 😅, thanks for clarifying.

I thought because of the "message": "Permission allowed", that it was going through.

message': Permission allowed - Is this Permify's response?

Could you share a code snippet of this in Node.js with me?

That is my bad. I was relying on permify.grpc.RESULT_DENIED, which is coming up undefined.

if (response.can === permify.grpc.RESULT_DENIED) {

to be a trip wire to return the error in the try/catch I am using.

So my logic was flawed. I'm hard coding the "permission allowed".

This was really just a poc and I knocked it up quickly but of course now I'm having trouble due to it. 🤦‍♂️

What exactly is the problem you are experiencing?

I'm having trouble understanding where the relationship needs to be. Whether it's in the schema or created via the /data/write endpoint.

What's a little annoying (due to my misunderstanding). Is that I have no relationships. Yet when I run the enforcement. It comes up true. I was expecting it to come up false, until I added a relationship. Again my own understanding is not clear yet.

I have all the endpoints, except checkPermissions completed in my poc. So this is the very last issue to resolve 😄

Yes, we received additional feedback regarding the playground, and we are addressing these issues. Instead, you can use our validation file. https://docs.permify.co/docs/getting-started/testing/

{ can: 1, metadata: { checkCount: 2 } }

So my misunderstanding, is that the relationships needed to be in the schema:

workspace:engineering_team#owner@user:alice

But instead needed to be created via the /data/write point only.

In developing this poc, I had both then removed the /data/write functionality. Hence my confusion that I could have sworn this was working 😅.

Now reversing the functionality. I now have a working permission check endpoint (although with grpc)

Alright all done. I have all the endpoints I need

createSchema
readSchema
createTenant
deleteTenant
checkPermission
createRelation
deleteRelation

working 🥳

Thanks so much for your help @normal glade