From 75a0aedded1523abae283eb16aaafdb9717f5705 Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Mon, 18 Sep 2023 10:18:18 -0700 Subject: [PATCH 1/5] build: optimizing wasm builds --- Makefile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index ce67c5743..3066fbd2a 100644 --- a/Makefile +++ b/Makefile @@ -67,11 +67,12 @@ coverage: ## Generate global code coverage report clean: ## Remove temporary and generated files rm -f ./permify rm -f ./pkg/development/wasm/main.wasm + rm -f ./pkg/development/wasm/play.wasm rm -f coverage.out coverage.html .PHONY: wasm-build -wasm-build: ## Remove temporary and generated files - cd ./pkg/development/wasm && GOOS=js GOARCH=wasm go build -ldflags="-s -w" -o main.wasm +wasm-build: ## Build wasm + cd ./pkg/development/wasm && GOOS=js GOARCH=wasm go build -ldflags="-s -w" -o main.wasm && wasm-opt main.wasm --enable-bulk-memory -Oz -o play.wasm .PHONY: release release: format test security-scan clean ## Prepare for release @@ -79,7 +80,7 @@ release: format test security-scan clean ## Prepare for release # Serve .PHONY: serve -serve: build ## Run the Permify server with memory +serve: build ./permify serve .PHONY: serve-playground From 9c13ab48944c3eb7aaa6bec5a7dbc21ba6ce9997 Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Mon, 18 Sep 2023 10:18:37 -0700 Subject: [PATCH 2/5] *: version info change --- docs/v1/apidocs.swagger.json | 2 +- internal/info.go | 2 +- proto/base/v1/openapi.proto | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/v1/apidocs.swagger.json b/docs/v1/apidocs.swagger.json index eabbd3603..24a9e4a89 100644 --- a/docs/v1/apidocs.swagger.json +++ b/docs/v1/apidocs.swagger.json 
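Review bot: `wasm-build` now requires `wasm-opt` on PATH, but the recipe neither checks for it nor records which binaryen version is expected, so the optimized `play.wasm` depends on whatever the build host has installed. An unpinned post-link optimizer makes the artifact harder to reproduce and audit, and a missing tool shows up only as a shell "command not found" after `main.wasm` has been built. Consider a guard line before the build, `command -v wasm-opt >/dev/null || { echo "wasm-opt (binaryen) not found"; exit 1; }`, and a comment naming the binaryen version the project builds with.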
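Review bot: The `serve` target loses its `## Run the Permify server with memory` description in this hunk, while the neighbouring targets keep theirs. If the Makefile's help output is generated from `##` comments (not visible here), `serve` will disappear from it. Unless the removal is deliberate, keep the line as `serve: build ## Run the Permify server with memory`.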
@@ -3,7 +3,7 @@ "info": { "title": "Permify API", "description": "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.", - "version": "v0.5.2", + "version": "v0.5.3", "contact": { "name": "API Support", "url": "https://github.com/Permify/permify/issues", diff --git a/internal/info.go b/internal/info.go index ba7d7f482..8cf3aa581 100644 --- a/internal/info.go +++ b/internal/info.go @@ -20,7 +20,7 @@ var Identifier = xid.New().String() */ const ( // Version is the last release of the Permify (e.g. v0.1.0) - Version = "v0.5.2" + Version = "v0.5.3" // Banner is the view for terminal. Banner = ` diff --git a/proto/base/v1/openapi.proto b/proto/base/v1/openapi.proto index 548068202..e538677ed 100644 --- a/proto/base/v1/openapi.proto +++ b/proto/base/v1/openapi.proto 
@@ -9,7 +9,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { title: "Permify API"; description: "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples."; - version: "v0.5.2"; + version: "v0.5.3"; contact: { name: "API Support"; url: "https://github.com/Permify/permify/issues"; From fffb5e049f271044d8b3142062a3fe9a664f65a9 Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Mon, 18 Sep 2023 10:19:08 -0700 Subject: [PATCH 3/5] fix(playground): visualizer height --- playground/src/pkg/Visualizer/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playground/src/pkg/Visualizer/config.js b/playground/src/pkg/Visualizer/config.js index 5647c3645..45e0fdd81 100644 --- a/playground/src/pkg/Visualizer/config.js +++ b/playground/src/pkg/Visualizer/config.js @@ -2,7 +2,7 @@ function GraphOptions() { return { autoResize: true, clickToUse: true, - height: '80%', + height: '90%', width: '100%', layout: { hierarchical: { From b34427a408392703490f13226acd9022ebc3109e Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Mon, 18 Sep 2023 10:19:25 -0700 Subject: [PATCH 4/5] *: version info change --- pkg/pb/base/v1/openapi.pb.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/pb/base/v1/openapi.pb.go b/pkg/pb/base/v1/openapi.pb.go index beba2d4ad..ece736136 100644 --- a/pkg/pb/base/v1/openapi.pb.go +++ b/pkg/pb/base/v1/openapi.pb.go 
@@ -75,7 +75,7 @@ var file_base_v1_openapi_proto_rawDesc = []byte{ 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x66, 0x79, 0x2f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x66, 0x79, 0x2f, 0x62, 0x6c, 0x6f, 0x62, 0x2f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x4c, 0x49, 0x43, 0x45, - 0x4e, 0x53, 0x45, 0x32, 0x06, 0x76, 0x30, 0x2e, 0x35, 0x2e, 0x32, 0x2a, 0x01, 0x02, 0x32, 0x10, + 0x4e, 0x53, 0x45, 0x32, 0x06, 0x76, 0x30, 0x2e, 0x35, 0x2e, 0x33, 0x2a, 0x01, 0x02, 0x32, 0x10, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6a, 0x73, 0x6f, 0x6e, 0x3a, 0x10, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6a, 0x73, 0x6f, 0x6e, 0x5a, 0x23, 0x0a, 0x21, 0x0a, 0x0a, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x41, 0x75, From d60007871a900b01625fe887dbdcd96f58c0dbeb Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Mon, 18 Sep 2023 10:20:39 -0700 Subject: [PATCH 5/5] fix: #681 visited map for recursive schema walker --- internal/schema/walker.go | 19 ++++++++++++++- internal/schema/walker_test.go | 42 ++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/internal/schema/walker.go b/internal/schema/walker.go index b1a99ae7f..0a9776614 100644 --- a/internal/schema/walker.go +++ b/internal/schema/walker.go @@ -3,18 +3,23 @@ package schema import ( "errors" + "github.com/Permify/permify/pkg/dsl/utils" base "github.com/Permify/permify/pkg/pb/base/v1" ) // Walker is a struct used for traversing a schema type Walker struct { schema *base.SchemaDefinition + + // map used to track visited nodes and avoid infinite recursion + visited map[string]struct{} } // NewWalker is a constructor for the Walker struct func NewWalker(schema *base.SchemaDefinition) *Walker { return &Walker{ - schema: schema, + schema: schema, + visited: make(map[string]struct{}), } } 
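Review bot: A Walker created without NewWalker (a `&Walker{schema: s}` literal, for instance) now has a nil `visited` map, and the map write added to Walk will panic on it. Either initialise lazily in Walk with `if w.visited == nil { w.visited = make(map[string]struct{}) }` or state in the type comment that NewWalker is mandatory. The field comment should also say that the map makes Walker stateful and that concurrent Walk calls on one Walker race on it, e.g. `// visited records entity/permission keys already walked; it is not reset between Walk calls and is not goroutine-safe.`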
@@ -23,6 +28,18 @@ func (w *Walker) Walk( entityType string, permission string, ) error { + // Generate a unique key for the entityType and permission combination + key := utils.Key(entityType, permission) + + // Check if the entity-permission combination has already been visited + if _, ok := w.visited[key]; ok { + // If already visited, exit early to avoid redundant processing or infinite recursion + return nil + } + + // Mark the entity-permission combination as visited + w.visited[key] = struct{}{} + // Lookup the entity definition in the schema def, ok := w.schema.EntityDefinitions[entityType] if !ok { diff --git a/internal/schema/walker_test.go b/internal/schema/walker_test.go index 06b38e4cf..7ab02a930 100644 --- a/internal/schema/walker_test.go +++ b/internal/schema/walker_test.go @@ -107,5 +107,47 @@ var _ = Describe("walker", func() { Expect(err).Should(Equal(ErrUnimplemented)) }) + + It("Case 3", func() { + sch, err := parser.NewParser(` + entity user {} + + entity tag { + relation assignee @department + permission view_document = assignee.view_document + } + + entity document { + relation owner @department + + permission edit = owner.edit_document + permission view = owner.view_document or owner.peek_document + } + + entity department { + relation parent @department + relation admin @user + relation viewer @user + relation assigned_tag @tag + + permission peek_document = assigned_tag.view_document or parent.peek_document + permission edit_document = admin or parent.edit_document + permission view_document = viewer or admin or parent.view_document + } + `).Parse() + + Expect(err).ShouldNot(HaveOccurred()) + + c := compiler.NewCompiler(true, sch) + e, r, err := c.Compile() + + Expect(err).ShouldNot(HaveOccurred()) + + w := NewWalker(NewSchemaFromEntityAndRuleDefinitions(e, r)) + + err = w.Walk("document", "view") + + Expect(err).ShouldNot(HaveOccurred()) + }) }) })
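Review bot: `w.visited[key]` is set before the entity lookup and is never cleared, so the early `return nil` also fires on a later top-level Walk call on the same Walker, including for a pair whose first walk ended in an error such as ErrUnimplemented. For a schema check in an authorization service, an earlier failure turning into success on reuse is the wrong default. One option is to reset the set in the exported Walk and recurse through an unexported helper, as sketched below. Whether any caller reuses a Walker is not visible here, and the rest of Walk's body and its recursive call sites lie outside the hunk.

```go
func (w *Walker) Walk(entityType string, permission string) error {
	// Start every top-level traversal with an empty visited set so that a
	// previous call's result (success or error) cannot be replayed as nil.
	w.visited = make(map[string]struct{})
	return w.walk(entityType, permission)
}

func (w *Walker) walk(entityType string, permission string) error {
	key := utils.Key(entityType, permission)
	if _, ok := w.visited[key]; ok {
		return nil
	}
	w.visited[key] = struct{}{}
	// … unchanged: entity lookup and recursive descent, now calling w.walk …
```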
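Review bot: Case 3 only asserts that a cyclic schema walks without error, so it would still pass if the new visited short-circuit hid a failure that is reachable through the cycle. Add a companion case in which a recursive schema also contains a construct that currently yields ErrUnimplemented and assert `Expect(err).Should(Equal(ErrUnimplemented))`. A further case that calls `w.Walk` twice on the same Walker would pin down the intended behaviour on reuse.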