this page shows an example <@1003626257889636472> ...
# spicedb
m
this page shows an example @dguhr84 https://authzed.com/docs/reference/caveats#schema
d
thanks @masd1 - jftr: i am particularly interested if we have access to actual values from the input request, like OPA does for example... here's an actual example where I think caveats could be a way to go to model these attribute filters: https://github.com/RedHatInsights/playbook-dispatcher#authorization (i know you could also model the whole intent otherwise, but let's just assume I want to use caveats for this).
oh i see, one would need to fill the actual CheckPermissions request with a
Context
field when I see this correctly 🙂
v
Correct, caveat context is provided as part of
CheckPermissionRequest
,
LookupResourcesRequest
and
LookupSubjectsRequest
it's based on
structpb
package with google, which allows us to define maps to be provided on request time
d
yep, understood. great to know that you thought of lookupresources and lookupsubjects, too, as that might enable what I have in my mind. Will come up with an example of the use case above shortly i hope 🙂