https://authzed.com logo
bug with relation-constrained relation?
a

Alec Henninger

05/15/2023, 10:09 PM
I think I am looking at a bug here but I'm not sure if there are two or it's just one... https://play.authzed.com/s/vSstHtBNIuNr/schema
1. When relation "contains" another relation, it appears using the arrow operator on that relation doesn't work on the "contained" relation but on the "container" relation. Is that intended? 2. If I implement the above "fix" (using a permission on the "container"), the next surprise seems to be the order of expressions in an & operation changes the results of lookup resources.
j

Joey

05/16/2023, 12:30 AM
1. arrows do not follow the subject relation; this is working as intended
they only apply to the subject itself, not to the subject + relation
when you do
somerelation->somearrow
you're asking to walk to
somearrow
for the subject of
somerelation
, directly
Playground doesn't have that fix in
zed
yet
a

Alec Henninger

05/16/2023, 12:03 PM
Okay thank you that's helpful. For #2, I can reproduce it locally with
$ zed version
client: zed v0.10.2
service: v1.21.0
It looks related to the arrow on subrelation
If I take that out, it works
Opened an issue with some more detail https://github.com/authzed/spicedb/issues/1323, I hope that helps
I also opened a PR to clarify the behavior of arrows on subject relations https://github.com/authzed/docs/pull/119/files
j

Joey

05/16/2023, 2:35 PM
okay; will take a look
thanks for the repro case
I've included a variation of it (and a simpler one) in our consistency test suite for testing moving forward
a

Alec Henninger

05/16/2023, 3:40 PM
Thank you!