authorizer: always display authorizer facts and rules #195
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
divarvel
force-pushed
the
authorizer-facts-in-authorizer-tostring
branch
4 times, most recently
from
3c06ba7
to
b5436a7
Compare
`impl Display for Authorizer` only used the datalog world for displaying facts. When calling `.to_string()` on an authorizer before `.authorize()`, authorizer facts and rules were not displayed (authorizer facts and rules are added to the datalog world only in `.authorize()`). After authorization, authorizer facts and rules are both in the world and the block, so deduplication is needed.
divarvel
force-pushed
the
authorizer-facts-in-authorizer-tostring
branch
from
b5436a7
to
9feb665
Compare
This was referenced Oct 31, 2023
Geal
approved these changes
Nov 12, 2023
divarvel
added a commit
to biscuit-auth/biscuit-cli
that referenced
this pull request
Feb 26, 2024
`to_string` provides a more complete view than `dump_code`, including facts origins. Before biscuit-auth/biscuit-rust#195, `to_string()` did not include authorizer facts on snapshots (before running `authorize`). This is not an issue with the latest biscuit-rust version (`4.1.1`), so it is safe to use `to_string()`
divarvel
added a commit
to biscuit-auth/biscuit-component-wasm
that referenced
this pull request
Feb 26, 2024
It includes bumping biscuit-rust to 4.1.1, which includes changes from biscuit-auth/biscuit-rust#195 This means that the little workaround of running authorization on an authorizer copy before generating text output is not needed anymore.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
impl Display for Authorizeronly used the datalog world for displaying facts. When calling.to_string()on an authorizer before.authorize(), authorizer facts and rules were not displayed (authorizer facts and rules are added to the datalog world only in.authorize()).After authorization, authorizer facts and rules are both in the world and the block, so deduplication is needed.
See #193 and #194
Note: the output of
.to_string()is still not a faithful representation of the snapshot contents, since the authorizer block can have a block-wide scope annotation, which is not displayed. Maybe displaying a snapshot as a single datalog snippet does not even make sense (after all, we are already using comments to annotate stuff). We could display blocks faithfully (not using the datalog world), and then display generated facts in a separate way (we would still have to deduplicate facts to only display generated facts and not facts coming directly from blocks.