-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This fixes a model-inversion bug. Given: ```yaml folder: relations: owner: user permissions: is_owner: owner | parent->is_owner doc: relations: parent: folder viewer: user | user:* | group#member permissions: can_view: viewer | parent->owner ``` The `can_view` premission isn't inverted correctly. A `group#member` can have the `can_view` permission, but only through the first term (`viewer`) because `parent-owner` can only be a `user`. The problem is that the inversion logic attempts to create the inversion of `parent->owner` on `group` (i.e. `group#doc^can_view#member: doc_viewer#member | doc_owner#doc_parent`) But `group` has no `doc_owner` relation because `group#member` isn't assignable to`folder#owner`.
Showing
3 changed files
with
11 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters