runtime grant with caveat
# spicedbj
Joey
09/29/2023, 9:53 PMwrap the assertions with
with's
slam4d
09/29/2023, 9:58 PMThanks Joey. I'm getting another error after fixing this. Spicedb seems to think a user that doesn't have direct grant and doesn't pass caveat has permission? https://play.authzed.com/s/ckMDHlDL0lFr/assertions
j
Joey
09/29/2023, 9:59 PMwithout the caveat the system doesn't know how to answer that check
Joey
09/29/2023, 9:59 PMyou can see its returning a "maybe" because the caveat is missing context
Joey
09/29/2023, 9:59 PM(btw, check watches makes this all super easy to debug)
Joey
09/29/2023, 9:59 PM Copy code
assertTrue:
- company:c1#send_notification@user:1
- 'company:c1#send_notification@user:2 with {"action": "SEND_NOTIFICATION"}'
assertCaveated:
- company:c1#send_notification@user:2
assertFalse:
- 'company:c1#send_notification@user:2 with {"action": "ANOTHER_ACTION"}'Joey
09/29/2023, 9:59 PMthis passes
Joey
09/29/2023, 10:00 PMone sec..
Joey
09/29/2023, 10:00 PMfixed
Joey
09/29/2023, 10:01 PMs
slam4d
09/29/2023, 10:04 PMGotcha. That makes a lot of sense. Thank you so much for quick answers!!!
j
Joey
09/29/2023, 10:07 PMof course 🙂