Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change the signatures of the remaining reflection APIs slightly #104

Merged
merged 1 commit into from
May 7, 2024
Merged

Change the signatures of the remaining reflection APIs slightly #104

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 11 additions & 14 deletions authzed/api/v1/experimental_service.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@
}

// EXPERIMENTAL: ComputablePermissions is an API that allows clients to request the set of
// permissions that compute based off a set of relations. For example, if a schema has a relation
// permissions that compute based off a relation. For example, if a schema has a relation
// `viewer` and a permission `view` defined as `permission view = viewer + editor`, then the
// computable permissions for the relation `viewer` will include `view`.
rpc ExperimentalComputablePermissions(ExperimentalComputablePermissionsRequest)
Expand All @@ -79,8 +79,8 @@
}

// EXPERIMENTAL: DependentRelations is an API that allows clients to request the set of
// relations that used to compute a permission, recursively. It is the inverse of the
// ComputablePermissions API.
// relations and permissions that used to compute a permission, recursively. It is the
// inverse of the ComputablePermissions API.
rpc ExperimentalDependentRelations(ExperimentalDependentRelationsRequest)
returns (ExperimentalDependentRelationsResponse) {
option (google.api.http) = {
Expand Down Expand Up @@ -296,36 +296,33 @@

message ExperimentalComputablePermissionsRequest {
Consistency consistency = 1;
repeated ExpRelationReference relations = 2;
string definition_name = 2;

Check failure on line 299 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" with name "definition_name" on message "ExperimentalComputablePermissionsRequest" changed option "json_name" from "relations" to "definitionName".

Check failure on line 299 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExperimentalComputablePermissionsRequest" changed label from "repeated" to "optional".

Check failure on line 299 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExperimentalComputablePermissionsRequest" changed type from "message" to "string". See https://developers.google.com/protocol-buffers/docs/proto3#updating for wire compatibility rules and https://developers.google.com/protocol-buffers/docs/proto3#json for JSON compatibility rules.

Check failure on line 299 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExperimentalComputablePermissionsRequest" changed name from "relations" to "definition_name".
string relation_name = 3;

Check failure on line 300 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" with name "relation_name" on message "ExperimentalComputablePermissionsRequest" changed option "json_name" from "optionalDefinitionNameFilter" to "relationName".

Check failure on line 300 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "3" on message "ExperimentalComputablePermissionsRequest" changed name from "optional_definition_name_filter" to "relation_name".

// optional_definition_name_match is a prefix that is matched against the definition name(s)
// for the permissions returned.
// If not specified, will be ignored.
string optional_definition_name_filter = 3;
string optional_definition_name_filter = 4;
}

// ExpRelationReference is a reference to a relation in the schema.
// ExpRelationReference is a reference to a relation or permission in the schema.
message ExpRelationReference {
string definition_name = 1;
string relation_name = 2;
}

// ExpPermissionReference is a reference to a permission in the schema.
message ExpPermissionReference {
string definition_name = 1;
string permission_name = 2;
bool is_permission = 3;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why a bool instead of ExpRelationReference and ExpPermissionReference?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because otherwise we'd need two distinct lists to be returned and this is easier to generate

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we treat permissions and relations as the same thing anywhere else in the API?
Whether we choose to do this or not just needs to be consistent across the entire API surface. We have to decide whether SpiceDB users need to know that permissions a form relation.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we do in all the other API endpoints. We usually name it one way or another (permission or relation), but you can CheckPermission on a relation, for example

}

message ExperimentalComputablePermissionsResponse {
repeated ExpPermissionReference permissions = 1;
repeated ExpRelationReference permissions = 1;

Check failure on line 316 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "1" on message "ExperimentalComputablePermissionsResponse" changed type from "authzed.api.v1.ExpPermissionReference" to "authzed.api.v1.ExpRelationReference".

// read_at is the ZedToken at which the schema was read.
ZedToken read_at = 2;
}

message ExperimentalDependentRelationsRequest {
Consistency consistency = 1;
ExpPermissionReference permission = 2;
string definition_name = 2;

Check failure on line 324 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" with name "definition_name" on message "ExperimentalDependentRelationsRequest" changed option "json_name" from "permission" to "definitionName".

Check failure on line 324 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExperimentalDependentRelationsRequest" changed type from "message" to "string". See https://developers.google.com/protocol-buffers/docs/proto3#updating for wire compatibility rules and https://developers.google.com/protocol-buffers/docs/proto3#json for JSON compatibility rules.

Check failure on line 324 in authzed/api/v1/experimental_service.proto

View workflow job for this annotation

GitHub Actions / Lint & Publish Draft/Branch 

Field "2" on message "ExperimentalDependentRelationsRequest" changed name from "permission" to "definition_name".
string permission_name = 3;
}

message ExperimentalDependentRelationsResponse {
Expand Down
Loading