02/28/2023, 12:48 PM
I'm not sure what you mean - the "context" can only be stored on a relationship, since that's basically the only kind of thing that is actually stored in SpiceDB (except for the schema of course). So you'd define a relation like
relation can_access: user with ports_allowed
along with the ports_allowed caveat. When writing the relation at runtime, you write a port range into the context of that relation (store a minPort and maxPort or something like that) . The caveat then compares the stored port range and the accessedPort you pass in at query time Unless I am misunderstanding how caveats work myself