Merge pull request #682 from Permify/next

Next

Makefile

@@ -67,19 +67,20 @@ coverage: ## Generate global code coverage report
 clean: ## Remove temporary and generated files
 	rm -f ./permify
 	rm -f ./pkg/development/wasm/main.wasm
+	rm -f ./pkg/development/wasm/play.wasm
 	rm -f coverage.out coverage.html
 
 .PHONY: wasm-build
-wasm-build: ## Remove temporary and generated files
-	cd ./pkg/development/wasm && GOOS=js GOARCH=wasm go build -ldflags="-s -w" -o main.wasm
+wasm-build: ## Build wasm
+	cd ./pkg/development/wasm && GOOS=js GOARCH=wasm go build -ldflags="-s -w" -o main.wasm && wasm-opt main.wasm --enable-bulk-memory -Oz -o play.wasm
 
 .PHONY: release
 release: format test security-scan clean ## Prepare for release
 
 # Serve
 
 .PHONY: serve
-serve: build ## Run the Permify server with memory
+serve: build
 	./permify serve
 
 .PHONY: serve-playground

docs/v1/apidocs.swagger.json

@@ -3,7 +3,7 @@
   "info": {
     "title": "Permify API",
     "description": "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.",
-    "version": "v0.5.2",
+    "version": "v0.5.3",
     "contact": {
       "name": "API Support",
       "url": "https://github.com/Permify/permify/issues",

internal/info.go

@@ -20,7 +20,7 @@ var Identifier = xid.New().String()
 */
 const (
 	// Version is the last release of the Permify (e.g. v0.1.0)
-	Version = "v0.5.2"
+	Version = "v0.5.3"
 
 	// Banner is the view for terminal.
 	Banner = `

internal/schema/walker.go

@@ -3,18 +3,23 @@ package schema
 import (
 	"errors"
 
+	"github.com/Permify/permify/pkg/dsl/utils"
 	base "github.com/Permify/permify/pkg/pb/base/v1"
 )
 
 // Walker is a struct used for traversing a schema
 type Walker struct {
 	schema *base.SchemaDefinition
+
+	// map used to track visited nodes and avoid infinite recursion
+	visited map[string]struct{}
 }
 
 // NewWalker is a constructor for the Walker struct
 func NewWalker(schema *base.SchemaDefinition) *Walker {
 	return &Walker{
-		schema: schema,
+		schema:  schema,
+		visited: make(map[string]struct{}),
 	}
 }
 
@@ -23,6 +28,18 @@ func (w *Walker) Walk(
 	entityType string,
 	permission string,
 ) error {
+	// Generate a unique key for the entityType and permission combination
+	key := utils.Key(entityType, permission)
+
+	// Check if the entity-permission combination has already been visited
+	if _, ok := w.visited[key]; ok {
+		// If already visited, exit early to avoid redundant processing or infinite recursion
+		return nil
+	}
+
+	// Mark the entity-permission combination as visited
+	w.visited[key] = struct{}{}
+
 	// Lookup the entity definition in the schema
 	def, ok := w.schema.EntityDefinitions[entityType]
 	if !ok {

internal/schema/walker_test.go

@@ -107,5 +107,47 @@ var _ = Describe("walker", func() {
 
 			Expect(err).Should(Equal(ErrUnimplemented))
 		})
+
+		It("Case 3", func() {
+			sch, err := parser.NewParser(`
+			entity user {}
+
+			entity tag {
+				relation assignee @department
+				permission view_document = assignee.view_document
+			}
+
+			entity document {
+				relation owner @department
+			
+				permission edit = owner.edit_document
+				permission view = owner.view_document or owner.peek_document
+			}
+			
+			entity department {
+				relation parent @department
+				relation admin @user
+				relation viewer @user
+				relation assigned_tag @tag
+				
+				permission peek_document = assigned_tag.view_document or parent.peek_document
+				permission edit_document = admin or parent.edit_document
+				permission view_document = viewer or admin or parent.view_document
+			}
+			`).Parse()
+
+			Expect(err).ShouldNot(HaveOccurred())
+
+			c := compiler.NewCompiler(true, sch)
+			e, r, err := c.Compile()
+
+			Expect(err).ShouldNot(HaveOccurred())
+
+			w := NewWalker(NewSchemaFromEntityAndRuleDefinitions(e, r))
+
+			err = w.Walk("document", "view")
+
+			Expect(err).ShouldNot(HaveOccurred())
+		})
 	})
 })

playground/src/pkg/Visualizer/config.js

@@ -2,7 +2,7 @@ function GraphOptions() {
     return  {
         autoResize: true,
         clickToUse: true,
-        height: '80%',
+        height: '90%',
         width: '100%',
         layout: {
             hierarchical: {

proto/base/v1/openapi.proto

@@ -9,7 +9,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
   info: {
     title: "Permify API";
     description: "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.";
-    version: "v0.5.2";
+    version: "v0.5.3";
     contact: {
       name: "API Support";
       url: "https://github.com/Permify/permify/issues";