#Hello again, I'm trying to create a
Hi @supple fable, it looks like there might be an issue with the relationship and subject definitions in your schema and check request. Here are a few suggestions to resolve the problem:
Schema Definition: Ensure that the relationships and permissions are correctly set up in your schema. Here's a revised schema based on your requirements to manage clients and view clients by different roles in a team.
```
entity user {}

entity team {
    relation admin @user
    relation account_manager @user
    relation data_manager @user
    relation viewer @user
    relation guest @user
}

entity client {
    relation team @team

    permission view = team.admin or team.account_manager or team.data_manager or team.viewer or team.guest
    permission manage = team.admin
}
```
**Relationship Tuples:** Also make sure the relationship tuples are correctly defined. You should ensure that the team relation in the client entity points correctly to a valid team entity.
```json
{
  "metadata": {
    "schema_version": ""
  },
  "tuples": [
    {
      "entity": {
        "type": "client",
        "id": "data"
      },
      "relation": "team",
      "subject": {
        "type": "team",
        "id": "team1"
      }
    }
  ],
  "attributes": []
}
```
Access Check Request: Ensure that the subject in the access check request correctly references the role the user has within the team.
Here's a revised check request:
```json
{
  "metadata": {
    "snap_token": "",
    "schema_version": "",
    "depth": 20
  },
  "entity": {
    "type": "client",
    "id": "data"
  },
  "permission": "view",
  "subject": {
    "type": "user",
    "id": "leandro@test.com",
    "relation": ""
  }
}
```
Ensure Correct Relationships: Ensure that the user leandro@test.com indeed has one of the roles within the team1 entity (e.g., admin, account_manager, data_manager, viewer, or guest).
If you follow the above steps and still face issues, it is essential to verify that team1 exists and leandro@test.com has the correct role in team1.
Hello @foggy ether, I still have problems;
Here is my relationship:
First:
```json
{
  "metadata": {
    "schema_version": ""
  },
  "tuples": [
    {
      "entity": {
        "type": "client",
        "id": "data"
      },
      "relation": "team",
      "subject": {
        "type": "team",
        "id": "team1"
      }
    }
  ],
  "attributes": []
}
```
Then:
```json
{
  "metadata": {
    "schema_version": ""
  },
  "tuples": [
    {
      "entity": {
        "type": "team",
        "id": "data"
      },
      "relation": "admin",
      "subject": {
        "type": "user",
        "id": "leandro@test.com"
      }
    }
  ],
  "attributes": []
}
```
And the check:
```json
{
  "metadata": {
    "snap_token": "",
    "schema_version": "",
    "depth": 20
  },
  "entity": {
    "type": "client",
    "id": "data"
  },
  "permission": "view",
  "subject": {
    "type": "user",
    "id": "leandro@test.com",
    "relation": ""
  }
}
```
```json
{
  "can": "CHECK_RESULT_DENIED",
  "metadata": {
    "check_count": 11
  }
}
```
I can't understand the problem
Hi @supple fable, I've tested in our playground. So the problem is you should create the second relationship with the "team1" entity ID.
And can I add this relationship to my schema file?
```json
{
  "metadata": {
    "schema_version": ""
  },
  "tuples": [
    {
      "entity": {
        "type": "client",
        "id": "data"
      },
      "relation": "team",
      "subject": {
        "type": "team",
        "id": "team1"
      }
    }
  ],
  "attributes": []
}
```
I have this file:
```yaml
schema: >-
  entity user {}
  entity team {
    relation admin @user
    relation account_manager @user
    relation data_manager @user
    relation viewer @user
    relation guest @user
  }
  entity client {
    relation team @team
    permission view = team.admin or team.account_manager or team.data_manager or team.viewer or team.guest
    permission manage = team.admin
  }
```
Something like this:
https://docs.permify.co/getting-started/testing#defining-the-schema
```yaml
relationships:
  - "organization:1#admin@user:1"
  - "organization:1#member@user:1"
  - "repository:1#owner@user:1"
  - "repository:2#owner@user:2"
  - "repository:2#owner@user:3"
  - "repository:1#parent@organization:1#..."
  - "organization:1#member@user:43"
  - "repository:1#owner@user:43"
```
Yes, you can add relationships to your schema validation file.
I added the solution for the previous issue above. Hope that makes sense.
Thank you!
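
The denied check discussed in this thread, as an added example that is not part of the original conversation and is not Permify's own code: a toy evaluator for the `client` permissions in the schema above, run over the tuples as posted and as corrected. The function names (`parse`, `check`, `dangling_roles`) and the use of the `entity:id#relation@subject:id` string form for these tuples are assumptions made for illustration.

```python
# Added illustration: a toy evaluator, not Permify's engine.
# Tuples use the "entity:id#relation@subject:id" form from the validation file.
import re

TUPLE_RE = re.compile(r"^(\w+):([^#]+)#(\w+)@(\w+):(.+)$")

# Team roles that grant each client permission, taken from the thread's schema.
PERMISSIONS = {
    "view": {"admin", "account_manager", "data_manager", "viewer", "guest"},
    "manage": {"admin"},
}

def parse(tuples):
    """Turn tuple strings into a set of (entity, relation, subject) triples."""
    parsed = set()
    for t in tuples:
        m = TUPLE_RE.match(t)
        if not m:
            raise ValueError(f"malformed tuple: {t!r}")
        etype, eid, rel, stype, sid = m.groups()
        parsed.add((f"{etype}:{eid}", rel, f"{stype}:{sid}"))
    return parsed

def check(tuples, client_id, permission, user_id):
    """Evaluate a client permission by walking client -> team -> user."""
    rels = parse(tuples)
    client, user = f"client:{client_id}", f"user:{user_id}"
    # Step 1: which teams is this client attached to via the `team` relation?
    teams = {s for (e, r, s) in rels if e == client and r == "team"}
    # Step 2: does the user hold a granting role on one of exactly those teams?
    return any((team, role, user) in rels
               for team in teams for role in PERMISSIONS[permission])

def dangling_roles(tuples):
    """Role tuples on teams that no client references: a sign of a mismatched ID."""
    rels = parse(tuples)
    linked = {s for (_, r, s) in rels if r == "team"}
    return sorted(f"{e}#{r}@{s}" for (e, r, s) in rels
                  if e.startswith("team:") and e not in linked)

# Constructed from the thread: the role was written to team:data, not team:team1.
AS_POSTED = ["client:data#team@team:team1", "team:data#admin@user:leandro@test.com"]
CORRECTED = ["client:data#team@team:team1", "team:team1#admin@user:leandro@test.com"]

if __name__ == "__main__":
    print(check(AS_POSTED, "data", "view", "leandro@test.com"))
    print(dangling_roles(AS_POSTED))
    print(check(CORRECTED, "data", "view", "leandro@test.com"))
```

Running `dangling_roles` over a relationships list before loading it surfaces role tuples written against an entity ID that no `client` points to, which is the mismatch that produced `CHECK_RESULT_DENIED` here.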