Add a Relation attribute to QueryResult (for internal use) (#306)

kkajla12 · web-flow · commit b4920b401f5b · 2024-03-08T15:17:46.000-08:00
diff --git a/pkg/authz/query/resultset.go b/pkg/authz/query/resultset.go
@@ -24,6 +24,7 @@ import (
 type ResultSetNode struct {
 	ObjectType string
 	ObjectId   string
+	Relation   string
 	Warrant    warrant.WarrantSpec
 	IsImplicit bool
 	next       *ResultSetNode
@@ -47,16 +48,17 @@ func (rs *ResultSet) List() *ResultSetNode {
 	return rs.head
 }
 
-func (rs *ResultSet) Add(objectType string, objectId string, warrant warrant.WarrantSpec, isImplicit bool) {
+func (rs *ResultSet) Add(objectType string, objectId string, relation string, warrant warrant.WarrantSpec, isImplicit bool) {
 	newNode := &ResultSetNode{
 		ObjectType: objectType,
 		ObjectId:   objectId,
+		Relation:   relation,
 		Warrant:    warrant,
 		IsImplicit: isImplicit,
 		next:       nil,
 	}
 
-	existingRes, exists := rs.m[key(objectType, objectId)]
+	existingRes, exists := rs.m[key(objectType, objectId, relation)]
 	if !exists {
 		// Add warrant to list
 		if rs.head == nil {
@@ -72,35 +74,35 @@ func (rs *ResultSet) Add(objectType string, objectId string, warrant warrant.War
 
 	if !exists || (existingRes.IsImplicit && !isImplicit) {
 		// Add result node to map for O(1) lookups
-		rs.m[key(objectType, objectId)] = newNode
+		rs.m[key(objectType, objectId, relation)] = newNode
 	}
 }
 
 func (rs *ResultSet) Len() int {
 	return len(rs.m)
 }
 
-func (rs *ResultSet) Get(objectType string, objectId string) *ResultSetNode {
-	return rs.m[key(objectType, objectId)]
+func (rs *ResultSet) Get(objectType string, objectId string, relation string) *ResultSetNode {
+	return rs.m[key(objectType, objectId, relation)]
 }
 
-func (rs *ResultSet) Has(objectType string, objectId string) bool {
-	_, exists := rs.m[key(objectType, objectId)]
+func (rs *ResultSet) Has(objectType string, objectId string, relation string) bool {
+	_, exists := rs.m[key(objectType, objectId, relation)]
 	return exists
 }
 
 func (rs *ResultSet) Union(other *ResultSet) *ResultSet {
 	resultSet := NewResultSet()
 	for iter := rs.List(); iter != nil; iter = iter.Next() {
-		resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Warrant, iter.IsImplicit)
+		resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Relation, iter.Warrant, iter.IsImplicit)
 	}
 
 	for iter := other.List(); iter != nil; iter = iter.Next() {
 		isImplicit := iter.IsImplicit
-		if resultSet.Has(iter.ObjectType, iter.ObjectId) {
-			isImplicit = isImplicit && resultSet.Get(iter.ObjectType, iter.ObjectId).IsImplicit
+		if resultSet.Has(iter.ObjectType, iter.ObjectId, iter.Relation) {
+			isImplicit = isImplicit && resultSet.Get(iter.ObjectType, iter.ObjectId, iter.Relation).IsImplicit
 		}
-		resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Warrant, isImplicit)
+		resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Relation, iter.Warrant, isImplicit)
 	}
 
 	return resultSet
@@ -110,9 +112,9 @@ func (rs *ResultSet) Intersect(other *ResultSet) *ResultSet {
 	resultSet := NewResultSet()
 	for iter := rs.List(); iter != nil; iter = iter.Next() {
 		isImplicit := iter.IsImplicit
-		if other.Has(iter.ObjectType, iter.ObjectId) {
-			isImplicit = isImplicit || other.Get(iter.ObjectType, iter.ObjectId).IsImplicit
-			resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Warrant, isImplicit)
+		if other.Has(iter.ObjectType, iter.ObjectId, iter.Relation) {
+			isImplicit = isImplicit || other.Get(iter.ObjectType, iter.ObjectId, iter.Relation).IsImplicit
+			resultSet.Add(iter.ObjectType, iter.ObjectId, iter.Relation, iter.Warrant, isImplicit)
 		}
 	}
 
@@ -122,7 +124,7 @@ func (rs *ResultSet) Intersect(other *ResultSet) *ResultSet {
 func (rs *ResultSet) String() string {
 	var strs []string
 	for iter := rs.List(); iter != nil; iter = iter.Next() {
-		strs = append(strs, fmt.Sprintf("%s => %s", key(iter.ObjectType, iter.ObjectId), iter.Warrant.String()))
+		strs = append(strs, fmt.Sprintf("%s => %s", key(iter.ObjectType, iter.ObjectId, iter.Relation), iter.Warrant.String()))
 	}
 
 	return strings.Join(strs, ", ")
@@ -136,6 +138,6 @@ func NewResultSet() *ResultSet {
 	}
 }
 
-func key(objectType string, objectId string) string {
-	return fmt.Sprintf("%s:%s", objectType, objectId)
+func key(objectType string, objectId string, relation string) string {
+	return fmt.Sprintf("%s:%s#%s", objectType, objectId, relation)
 }
diff --git a/pkg/authz/query/service.go b/pkg/authz/query/service.go
@@ -100,7 +100,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi
 			}
 
 			for _, relation := range relations {
-				res, err := svc.query(ctx, Query{
+				queryResult, err := svc.query(ctx, Query{
 					Expand: query.Expand,
 					SelectObjects: &SelectObjects{
 						ObjectTypes:  []string{objectType.Type},
@@ -113,7 +113,9 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi
 					return nil, nil, nil, err
 				}
 
-				resultSet = resultSet.Union(res)
+				for res := queryResult.List(); res != nil; res = res.Next() {
+					resultSet.Add(res.ObjectType, res.ObjectId, relation, res.Warrant, res.IsImplicit)
+				}
 			}
 		}
 	case query.SelectSubjects != nil:
@@ -159,7 +161,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi
 
 		for _, subjectType := range subjectTypes {
 			for _, relation := range relations {
-				res, err := svc.query(ctx, Query{
+				queryResult, err := svc.query(ctx, Query{
 					Expand: query.Expand,
 					SelectSubjects: &SelectSubjects{
 						SubjectTypes: []string{subjectType.Type},
@@ -172,7 +174,9 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi
 					return nil, nil, nil, err
 				}
 
-				resultSet = resultSet.Union(res)
+				for res := queryResult.List(); res != nil; res = res.Next() {
+					resultSet.Add(res.ObjectType, res.ObjectId, relation, res.Warrant, res.IsImplicit)
+				}
 			}
 		}
 	default:
@@ -183,6 +187,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi
 		queryResults = append(queryResults, QueryResult{
 			ObjectType: res.ObjectType,
 			ObjectId:   res.ObjectId,
+			Relation:   res.Relation,
 			Warrant:    res.Warrant,
 			IsImplicit: res.IsImplicit,
 		})
@@ -358,17 +363,17 @@ func (svc QueryService) query(ctx context.Context, query Query, level int) (*Res
 
 						for _, w := range expandedWildcardWarrants {
 							if w.ObjectId != warrant.Wildcard {
-								resultSet.Add(w.ObjectType, w.ObjectId, matchedWarrant, level > 0)
+								resultSet.Add(w.ObjectType, w.ObjectId, relation, matchedWarrant, level > 0)
 							}
 						}
 					} else {
-						resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, matchedWarrant, level > 0)
+						resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, relation, matchedWarrant, level > 0)
 					}
 				}
 			} else if query.SelectObjects.WhereSubject == nil ||
 				(matchedWarrant.Subject.ObjectType == query.SelectObjects.WhereSubject.Type &&
 					matchedWarrant.Subject.ObjectId == query.SelectObjects.WhereSubject.Id) {
-				resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, matchedWarrant, level > 0)
+				resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, relation, matchedWarrant, level > 0)
 			}
 		}
 
@@ -425,10 +430,10 @@ func (svc QueryService) query(ctx context.Context, query Query, level int) (*Res
 				}
 
 				for res := userset.List(); res != nil; res = res.Next() {
-					resultSet.Add(res.ObjectType, res.ObjectId, matchedWarrant, level > 0)
+					resultSet.Add(res.ObjectType, res.ObjectId, relation, matchedWarrant, level > 0)
 				}
 			} else if query.SelectSubjects.SubjectTypes[0] == matchedWarrant.Subject.ObjectType {
-				resultSet.Add(matchedWarrant.Subject.ObjectType, matchedWarrant.Subject.ObjectId, matchedWarrant, level > 0)
+				resultSet.Add(matchedWarrant.Subject.ObjectType, matchedWarrant.Subject.ObjectId, relation, matchedWarrant, level > 0)
 			}
 		}
 
diff --git a/pkg/authz/query/spec.go b/pkg/authz/query/spec.go
@@ -97,6 +97,7 @@ type QueryHaving struct {
 type QueryResult struct {
 	ObjectType string                  `json:"objectType"`
 	ObjectId   string                  `json:"objectId"`
+	Relation   string                  `json:"-"`
 	Warrant    baseWarrant.WarrantSpec `json:"warrant"`
 	IsImplicit bool                    `json:"isImplicit"`
 	Meta       map[string]interface{}  `json:"meta,omitempty"`
diff --git a/tests/v1/query.json b/tests/v1/query.json
@@ -1460,10 +1460,10 @@
             }
         },
         {
-            "name": "selectMembersOrViewersOfTypeUserForDocumentD5Limit3SortOrderDesc",
+            "name": "selectExplicitOwnersOrViewersOfTypeUserForDocumentF3Limit1SortOrderDesc",
             "request": {
                 "method": "GET",
-                "url": "/v1/query?q=select%20member%2Cviewer%20of%20type%20user%20for%20document:D5&limit=3&sortOrder=DESC",
+                "url": "/v1/query?q=select%20explicit%20owner%2Cviewer%20of%20type%20user%20for%20document:F3&limit=1&sortOrder=DESC",
                 "headers": {
                     "Warrant-Token": "latest"
                 }
@@ -1485,46 +1485,18 @@
                                     "relation": "member"
                                 }
                             },
-                            "isImplicit": true
-                        },
-                        {
-                            "objectType": "user",
-                            "objectId": "U3",
-                            "warrant": {
-                                "objectType": "document",
-                                "objectId": "F3",
-                                "relation": "viewer",
-                                "subject": {
-                                    "objectType": "user",
-                                    "objectId": "U3"
-                                }
-                            },
-                            "isImplicit": true
-                        },
-                        {
-                            "objectType": "user",
-                            "objectId": "U2",
-                            "warrant": {
-                                "objectType": "document",
-                                "objectId": "F2",
-                                "relation": "editor",
-                                "subject": {
-                                    "objectType": "user",
-                                    "objectId": "U2"
-                                }
-                            },
-                            "isImplicit": true
+                            "isImplicit": false
                         }
                     ],
-                    "lastId": "{{ selectMembersOrViewersOfTypeUserForDocumentD5Limit3SortOrderDesc.lastId }}"
+                    "lastId": "{{ selectExplicitOwnersOrViewersOfTypeUserForDocumentF3Limit1SortOrderDesc.lastId }}"
                 }
             }
         },
         {
-            "name": "selectMembersOrViewersOfTypeUserLimit3SortOrderDescAfterId1",
+            "name": "selectExplicitOwnersOrViewersOfTypeUserForDocumentF3Limit1SortOrderDescAfterId1",
             "request": {
                 "method": "GET",
-                "url": "/v1/query?q=select%20member%2Cviewer%20of%20type%20user%20for%20document:D5&limit=3&sortOrder=DESC&lastId={{ selectMembersOrViewersOfTypeUserForDocumentD5Limit3SortOrderDesc.lastId }}",
+                "url": "/v1/query?q=select%20explicit%20owner%2Cviewer%20of%20type%20user%20for%20document:F3&limit=3&sortOrder=DESC&lastId={{ selectExplicitOwnersOrViewersOfTypeUserForDocumentF3Limit1SortOrderDesc.lastId }}",
                 "headers": {
                     "Warrant-Token": "latest"
                 }
@@ -1535,17 +1507,17 @@
                     "results": [
                         {
                             "objectType": "user",
-                            "objectId": "U1",
+                            "objectId": "U3",
                             "warrant": {
                                 "objectType": "document",
-                                "objectId": "F1",
-                                "relation": "owner",
+                                "objectId": "F3",
+                                "relation": "viewer",
                                 "subject": {
                                     "objectType": "user",
-                                    "objectId": "U1"
+                                    "objectId": "U3"
                                 }
                             },
-                            "isImplicit": true
+                            "isImplicit": false
                         }
                     ]
                 }

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`for _, relation := range relations {`
`103`		`- res, err := svc.query(ctx, Query{`
	`103`	`+ queryResult, err := svc.query(ctx, Query{`
`104`	`104`	`Expand: query.Expand,`
`105`	`105`	`SelectObjects: &SelectObjects{`
`106`	`106`	`ObjectTypes: []string{objectType.Type},`
`@@ -113,7 +113,9 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi`
`113`	`113`	`return nil, nil, nil, err`
`114`	`114`	`}`
`115`	`115`
`116`		`- resultSet = resultSet.Union(res)`
	`116`	`+ for res := queryResult.List(); res != nil; res = res.Next() {`
	`117`	`+ resultSet.Add(res.ObjectType, res.ObjectId, relation, res.Warrant, res.IsImplicit)`
	`118`	`+ }`
`117`	`119`	`}`
`118`	`120`	`}`
`119`	`121`	`case query.SelectSubjects != nil:`
`@@ -159,7 +161,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi`
`159`	`161`
`160`	`162`	`for _, subjectType := range subjectTypes {`
`161`	`163`	`for _, relation := range relations {`
`162`		`- res, err := svc.query(ctx, Query{`
	`164`	`+ queryResult, err := svc.query(ctx, Query{`
`163`	`165`	`Expand: query.Expand,`
`164`	`166`	`SelectSubjects: &SelectSubjects{`
`165`	`167`	`SubjectTypes: []string{subjectType.Type},`
`@@ -172,7 +174,9 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi`
`172`	`174`	`return nil, nil, nil, err`
`173`	`175`	`}`
`174`	`176`
`175`		`- resultSet = resultSet.Union(res)`
	`177`	`+ for res := queryResult.List(); res != nil; res = res.Next() {`
	`178`	`+ resultSet.Add(res.ObjectType, res.ObjectId, relation, res.Warrant, res.IsImplicit)`
	`179`	`+ }`
`176`	`180`	`}`
`177`	`181`	`}`
`178`	`182`	`default:`
`@@ -183,6 +187,7 @@ func (svc QueryService) Query(ctx context.Context, query Query, listParams servi`
`183`	`187`	`queryResults = append(queryResults, QueryResult{`
`184`	`188`	`ObjectType: res.ObjectType,`
`185`	`189`	`ObjectId: res.ObjectId,`
	`190`	`+ Relation: res.Relation,`
`186`	`191`	`Warrant: res.Warrant,`
`187`	`192`	`IsImplicit: res.IsImplicit,`
`188`	`193`	`})`
`@@ -358,17 +363,17 @@ func (svc QueryService) query(ctx context.Context, query Query, level int) (*Res`
`358`	`363`
`359`	`364`	`for _, w := range expandedWildcardWarrants {`
`360`	`365`	`if w.ObjectId != warrant.Wildcard {`
`361`		`- resultSet.Add(w.ObjectType, w.ObjectId, matchedWarrant, level > 0)`
	`366`	`+ resultSet.Add(w.ObjectType, w.ObjectId, relation, matchedWarrant, level > 0)`
`362`	`367`	`}`
`363`	`368`	`}`
`364`	`369`	`} else {`
`365`		`- resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, matchedWarrant, level > 0)`
	`370`	`+ resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, relation, matchedWarrant, level > 0)`
`366`	`371`	`}`
`367`	`372`	`}`
`368`	`373`	`} else if query.SelectObjects.WhereSubject == nil \|\|`
`369`	`374`	`(matchedWarrant.Subject.ObjectType == query.SelectObjects.WhereSubject.Type &&`
`370`	`375`	`matchedWarrant.Subject.ObjectId == query.SelectObjects.WhereSubject.Id) {`
`371`		`- resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, matchedWarrant, level > 0)`
	`376`	`+ resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, relation, matchedWarrant, level > 0)`
`372`	`377`	`}`
`373`	`378`	`}`
`374`	`379`
`@@ -425,10 +430,10 @@ func (svc QueryService) query(ctx context.Context, query Query, level int) (*Res`
`425`	`430`	`}`
`426`	`431`
`427`	`432`	`for res := userset.List(); res != nil; res = res.Next() {`
`428`		`- resultSet.Add(res.ObjectType, res.ObjectId, matchedWarrant, level > 0)`
	`433`	`+ resultSet.Add(res.ObjectType, res.ObjectId, relation, matchedWarrant, level > 0)`
`429`	`434`	`}`
`430`	`435`	`} else if query.SelectSubjects.SubjectTypes[0] == matchedWarrant.Subject.ObjectType {`
`431`		`- resultSet.Add(matchedWarrant.Subject.ObjectType, matchedWarrant.Subject.ObjectId, matchedWarrant, level > 0)`
	`436`	`+ resultSet.Add(matchedWarrant.Subject.ObjectType, matchedWarrant.Subject.ObjectId, relation, matchedWarrant, level > 0)`
`432`	`437`	`}`
`433`	`438`	`}`
`434`	`439`