Getting permissions per user with custom roles

[ossibaer]

Hey folks,
I have an authz model similar to the custom roles example.
Is there a practical way to get ALL permissions/relations of a specific user on a specific object?

If we use the tuples given in the example: Using this information

{
  "user": "anne",
  "object": "asset-category:logo"
}

can I get a response like this?

{
  "tuples": [
    {
      "user": "user:anne",
      "relation": "editor",
      "object": "asset-category:logo"
    },
    {
      "user": "user:anne",
      "relation": "viewer",
      "object": "asset-category:logo"
    }
  ]
}

or just

{
  "relations":  ["editor", "viewer"]
}

To give more background to the use case: In the application admin users can create roles and assign those to other users, so I would like to show those users which permissions they have on certain objects. If this is not possible (or not practical) in OpenFGA I would have to store this information outside of it, which of course is possible, but feels wrong knowing OpenFGA has the necessary information.

What I've tried so far was the /stores/{store_id}/read, which gives me all the necessary (and much more) information and requires some additional logic as I have to translate the roles to permissions. I was not able to restrict the query to just one user - instead I got information about all users and roles of a specific object.

[ewanharris]

Hey @ossibaer, there's nothing that achieves exactly what you're looking for unfortunately. If you know the relations for the object type you're checking against you could use the ListRelations API within the SDKs that takes that list of relations and then performs a check for each one then returns the subset that are true for that user.