diff options
Diffstat (limited to 'vendor/github.com/authzed/spicedb/pkg/development/check.go')
| -rw-r--r-- | vendor/github.com/authzed/spicedb/pkg/development/check.go | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/vendor/github.com/authzed/spicedb/pkg/development/check.go b/vendor/github.com/authzed/spicedb/pkg/development/check.go new file mode 100644 index 0000000..292a1ea --- /dev/null +++ b/vendor/github.com/authzed/spicedb/pkg/development/check.go @@ -0,0 +1,53 @@ +package development + +import ( + v1api "github.com/authzed/authzed-go/proto/authzed/api/v1" + + "github.com/authzed/spicedb/internal/graph/computed" + v1 "github.com/authzed/spicedb/internal/services/v1" + caveattypes "github.com/authzed/spicedb/pkg/caveats/types" + v1dispatch "github.com/authzed/spicedb/pkg/proto/dispatch/v1" + "github.com/authzed/spicedb/pkg/tuple" +) + +const defaultWasmDispatchChunkSize = 100 + +// CheckResult is the result of a RunCheck operation. +type CheckResult struct { + Permissionship v1dispatch.ResourceCheckResult_Membership + MissingCaveatFields []string + DispatchDebugInfo *v1dispatch.DebugInformation + V1DebugInfo *v1api.DebugInformation +} + +// RunCheck performs a check against the data in the development context. +// +// Note that it is up to the caller to call DistinguishGraphError on the error +// if they want to distinguish between user errors and internal errors. +func RunCheck(devContext *DevContext, resource tuple.ObjectAndRelation, subject tuple.ObjectAndRelation, caveatContext map[string]any) (CheckResult, error) { + ctx := devContext.Ctx + cr, meta, err := computed.ComputeCheck(ctx, devContext.Dispatcher, + caveattypes.Default.TypeSet, + computed.CheckParameters{ + ResourceType: resource.RelationReference(), + Subject: subject, + CaveatContext: caveatContext, + AtRevision: devContext.Revision, + MaximumDepth: maxDispatchDepth, + DebugOption: computed.TraceDebuggingEnabled, + }, + resource.ObjectID, + defaultWasmDispatchChunkSize, + ) + if err != nil { + return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err + } + + reader := devContext.Datastore.SnapshotReader(devContext.Revision) + converted, err := v1.ConvertCheckDispatchDebugInformation(ctx, caveattypes.Default.TypeSet, caveatContext, meta.DebugInfo, reader) + if err != nil { + return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err + } + + return CheckResult{cr.Membership, cr.MissingExprFields, meta.DebugInfo, converted}, nil +} |