bug with relation-constrained relation?
a
Alec Henninger
05/15/2023, 10:09 PMI think I am looking at a bug here but I'm not sure if there are two or it's just one... https://play.authzed.com/s/vSstHtBNIuNr/schema
1. When relation "contains" another relation, it appears using the arrow operator on that relation doesn't work on the "contained" relation but on the "container" relation. Is that intended?
2. If I implement the above "fix" (using a permission on the "container"), the next surprise seems to be the order of expressions in an & operation changes the results of lookup resources.
j
Joey
05/16/2023, 12:30 AM1. arrows do not follow the subject relation; this is working as intended
they only apply to the subject itself, not to the subject + relation
when you do
somerelation->somearrowyou're asking to walk to
somearrowsomerelation#2 is likely https://github.com/authzed/spicedb/pull/1226
Playground doesn't have that fix in
zeda
Alec Henninger
05/16/2023, 12:03 PMOkay thank you that's helpful. For #2, I can reproduce it locally with
$ zed version
client: zed v0.10.2
service: v1.21.0It looks related to the arrow on subrelation
If I take that out, it works
Updated playground link: https://play.authzed.com/s/4KzQD_khj_pj/schema
Opened an issue with some more detail https://github.com/authzed/spicedb/issues/1323, I hope that helps
I also opened a PR to clarify the behavior of arrows on subject relations https://github.com/authzed/docs/pull/119/files
j
Joey
05/16/2023, 2:35 PMokay; will take a look
@Alec Henninger https://github.com/authzed/spicedb/pull/1324
thanks for the repro case
I've included a variation of it (and a simpler one) in our consistency test suite for testing moving forward
a
Alec Henninger
05/16/2023, 3:40 PMThank you!