https://authzed.com logo
Title
t

tartignolle

08/25/2022, 3:36 PM
Thanks @Joey I have the following schema:
definition user {}

definition resource_group {
    relation reader: user
    permission read = reader
}

definition resource {
    relation reader: user
    relation writer: user
    relation parent: resource_group | resource
                
    permission read = reader + writer + parent->read
    permission write = reader
}
I create the following relations
relationship("resource:F1#reader@user:U1"),
relationship("resource:F2#reader@user:U2"),
relationship("resource:F1#parent@resource_group:G1"),
relationship("resource_group:G1#reader@user:U1")
I delete this relation:
relationship("resource:F1#parent@resource_group:G1")
I receive the following result from the Watch API:
watchResponse {
  updates [{
    operation = 3
    relationship = {
      objectType = "resource"
      objectId = "F1"
    }
    relation = "parent"
    subject = {
      object = {
        objectType = "resource_group"
        objectId = "G1"
      }
      optionalRelation = ""
    }
I'd then expect to call the LookupSubject API with something like this:
LookupSubjectsRequest {
  ObjectReference: {
    ObjectType: resource_group,
    ObjectId: G1,
  },
  permission: ???
}
Pb is the permission value Thanks !