Hello just an informative question, is SpiceDB #spicedb

Hello just an informative question, is

sul3

01/23/2024, 9:59 AM

Hello just an informative question, is there maybe a way to retrieve all permissions a user has from one call? So for instance I wanted all permissions that the user:Sul3 has, would there be a way to perform this?

vroldanbet

01/23/2024, 10:04 AM

It's not possible, but we are collecting feedback to support this, see https://github.com/authzed/spicedb/issues/1505 Feel free to share your usecase. The closest thing you can do right now is to run a

BulkCheckPermission

call for a subject over a resource, where you list all the permissions to check.

sul3

01/23/2024, 10:05 AM

Alright, thank you 😄

sul3

01/23/2024, 10:21 AM

@vroldanbet what about just listing all defined resources, without the permissions, just for instance, I retrieve all resources of type "folder" let's say

vroldanbet

01/23/2024, 10:23 AM

you can already do that with

ReadRelationships

API

vroldanbet

01/23/2024, 10:24 AM

see the relationship filter in the API: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.RelationshipFilter

sul3

01/23/2024, 12:24 PM

thank you!

sul3

01/25/2024, 10:31 AM

Hey, to update on this conversation. I have tried to implement this into my spring-boot application (was requested to make one), and I am seeming to get stuck at the following stage, I haven't done much research by now, so please a reference to where to look or a straight up answer would be great.

Copy code

@RestController
        @RequestMapping("/get-resources")
        public static class ResourceController {

                @GetMapping("/{resourceType}")
                public String getResources(
                        @PathVariable String resourceType) {
                        ManagedChannel channel = ManagedChannelBuilder
                        .forTarget("localhost:50051")
                        .usePlaintext()  
                        .build();
                
                        BearerToken bearerToken = new BearerToken("customKey");
                        PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc.newBlockingStub(channel)
                                .withCallCredentials(bearerToken);
                        
                        PermissionService.RelationshipFilter filter = PermissionService.RelationshipFilter.newBuilder()
                                .setResourceType("tutorial/" + resourceType)
                                .build();


                        
                }
        }

Basically the idea is that the http endpoint receives the type of resource to list, and afterwards it will use that to retrieve all resources of the given type and retrieve them. Now I have managed to create the code provided above (with a little help from copilot), but I am running into a problem now sending this to the spiceDB service, since I cant seem to figure out what kind of request to use (where to set the filter). Thank you in advance

vroldanbet

01/25/2024, 10:46 AM

Please have a look at the API definition, which I shared above. Each gRPC API method has a request payload and a response. See https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.ReadRelationships

sul3

01/25/2024, 10:49 AM

ah sorry, yes that is exactly what I was looking for, thanks

Previous Next