openfga icon indicating copy to clipboard operation
openfga copied to clipboard
verified publisher icon openfga

Add more model validation test cases

Open rhamzeh opened this issue 2 years ago • 1 comments

Right now we have some model validations in place that should protect users from some mistakes, but there's quite a few (unlikely) cases that are not covered.

rhamzeh avatar Jun 05 '23 18:06 rhamzeh

Here are a few examples (using Craig Pastro's parser) of invalid models that should be enforced, but currently are not:

type user

type document
  relations
    define restricted: [user] as self
    define editor: [user] as self
    define viewer: [document#viewer] as (self or editor) but not restricted

type user

type document
  relations
    define allowed: [user] as self
    define editor: [user] as self
    define viewer: [document#viewer] as (self or editor) and allowed

Basically, if there is a compound rewrite (nested expressions) joined by at least one or more intersections or exclusions, then we're not currently handling the validation cases around this properly.

jon-whit avatar Jun 05 '23 19:06 jon-whit

We are closing this issue as it is not currently feasible in the new schema to write such models.

poovamraj avatar Jul 24 '24 15:07 poovamraj