Resolve relations and detect cycles.

cache/expand.go

@@ -21,18 +21,18 @@ func (c *Cache) ExpandRelation(on model.ObjectName, rn model.RelationName) []mod
 	}
 
 	// get relation set for given object:relation.
-	rs := c.model.Objects[on].Relations[rn]
+	r := c.model.Objects[on].Relations[rn]
 
 	// include given permission in result set
 	results = append(results, rn)
 
 	// iterate through relation set, determine if it "unions" with the given relation.
-	for _, r := range rs {
+	for _, rt := range r.Union {
 		switch {
-		case r.Subject != nil && r.Subject.Object == on:
-			results = append(results, r.Subject.Relation)
-		case r.Direct != "":
-			results = append(results, c.ExpandRelation(on, model.RelationName(r.Direct))...)
+		case rt.Subject != nil && rt.Subject.Object == on:
+			results = append(results, rt.Subject.Relation)
+		case rt.Direct != "":
+			results = append(results, c.ExpandRelation(on, model.RelationName(rt.Direct))...)
 		}
 	}
 
@@ -70,7 +70,7 @@ func (c *Cache) ExpandPermission(on model.ObjectName, pn model.PermissionName) [
 }
 
 // convert union []string to []model.RelationName.
-func (c *Cache) expandUnion(o *model.Object, u ...*model.RelationRef) []model.RelationName {
+func (c *Cache) expandUnion(o *model.Object, u ...*model.PermissionRef) []model.RelationName {
 	result := []model.RelationName{}
 	for _, ref := range u {
 		if ref.Base != "" {
@@ -79,12 +79,12 @@ func (c *Cache) expandUnion(o *model.Object, u ...*model.RelationRef) []model.Re
 		rn := model.RelationName(ref.RelOrPerm)
 		result = append(result, rn)
 
-		exp := lo.FilterMap(o.Relations[rn], func(r *model.Relation, _ int) (*model.RelationRef, bool) {
+		exp := lo.FilterMap(o.Relations[rn].Union, func(r *model.RelationTerm, _ int) (*model.PermissionRef, bool) {
 			if r.Direct == "" {
-				return &model.RelationRef{}, false
+				return &model.PermissionRef{}, false
 			}
 			_, ok := o.Relations[model.RelationName(r.Direct)]
-			return &model.RelationRef{RelOrPerm: string(r.Direct)}, ok
+			return &model.PermissionRef{RelOrPerm: string(r.Direct)}, ok
 
 		})
 		result = append(result, c.expandUnion(o, exp...)...)

cache/metadata.go

@@ -97,7 +97,7 @@ func (c *Cache) GetRelationType(objectType, relation string) (*dsc2.RelationType
 func (*Cache) getRelationPermissions(o *model.Object, rn model.RelationName) []string {
 	permissions := []string{}
 	for pn, p := range o.Permissions {
-		union := lo.Map(p.Union, func(r *model.RelationRef, _ int) string {
+		union := lo.Map(p.Union, func(r *model.PermissionRef, _ int) string {
 			if r.Base != "" {
 				panic("arrow permissions not supported yet")
 			}
@@ -112,9 +112,9 @@ func (*Cache) getRelationPermissions(o *model.Object, rn model.RelationName) []s
 
 func (*Cache) getRelationUnions(o *model.Object, on model.ObjectName, rn model.RelationName) []string {
 	unions := []string{}
-	for name, rs := range o.Relations {
-		for _, r := range rs {
-			if r.Subject != nil && r.Subject.Object == on && r.Subject.Relation == rn {
+	for name, r := range o.Relations {
+		for _, rt := range r.Union {
+			if rt.Subject != nil && rt.Subject.Object == on && rt.Subject.Relation == rn {
 				unions = append(unions, string(name))
 			}
 		}

cache/path_test.go

@@ -153,12 +153,12 @@ func expandPerm(m *model.Model, on model.ObjectName, pn model.PermissionName) []
 func expandRel(m *model.Model, on model.ObjectName, rn model.RelationName) []*model.ObjectRelation {
 	result := []*model.ObjectRelation{}
 
-	relations, ok := m.Objects[on].Relations[rn]
+	relation, ok := m.Objects[on].Relations[rn]
 	if !ok {
 		return result
 	}
 
-	for _, r := range relations {
+	for _, r := range relation.Union {
 		if r.Direct != "" {
 			result = append(result, &model.ObjectRelation{
 				Object:   r.Direct,
@@ -188,10 +188,10 @@ func resolve(m *model.Model, on model.ObjectName, rn model.RelationName) *model.
 	if strings.Contains(rn.String(), v3.ArrowIdentifier) {
 		parts := strings.Split(rn.String(), v3.ArrowIdentifier)
 
-		rn := model.RelationName(parts[0])
+		rn = model.RelationName(parts[0])
 
 		if _, ok := m.Objects[on].Relations[rn]; ok { // 	if c.RelationExists(on, rn) {
-			for _, rel := range m.Objects[on].Relations[rn] {
+			for _, rel := range m.Objects[on].Relations[rn].Union {
 				if rel.Direct != "" {
 					return &model.ObjectRelation{
 						Object:   rel.Direct,

go.mod

@@ -9,6 +9,7 @@ require (
 	github.com/aserto-dev/go-aserto v0.30.0
 	github.com/aserto-dev/go-directory v0.30.2
 	github.com/davecgh/go-spew v1.1.1
+	github.com/deckarep/golang-set/v2 v2.5.0
 	github.com/golang/mock v1.6.0
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/magefile/mage v1.15.0

go.sum

@@ -22,6 +22,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/deckarep/golang-set/v2 v2.5.0 h1:hn6cEZtQ0h3J8kFrHR/NrzyOoTnjgW1+FmNJzQ7y/sA=
+github.com/deckarep/golang-set/v2 v2.5.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=