github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/pkg/development/check.go (about) 1 package development 2 3 import ( 4 v1api "github.com/authzed/authzed-go/proto/authzed/api/v1" 5 6 "github.com/authzed/spicedb/internal/graph/computed" 7 v1 "github.com/authzed/spicedb/internal/services/v1" 8 core "github.com/authzed/spicedb/pkg/proto/core/v1" 9 v1dispatch "github.com/authzed/spicedb/pkg/proto/dispatch/v1" 10 ) 11 12 // CheckResult is the result of a RunCheck operation. 13 type CheckResult struct { 14 Permissionship v1dispatch.ResourceCheckResult_Membership 15 MissingCaveatFields []string 16 DispatchDebugInfo *v1dispatch.DebugInformation 17 V1DebugInfo *v1api.DebugInformation 18 } 19 20 // RunCheck performs a check against the data in the development context. 21 // 22 // Note that it is up to the caller to call DistinguishGraphError on the error 23 // if they want to distinguish between user errors and internal errors. 24 func RunCheck(devContext *DevContext, resource *core.ObjectAndRelation, subject *core.ObjectAndRelation, caveatContext map[string]any) (CheckResult, error) { 25 ctx := devContext.Ctx 26 cr, meta, err := computed.ComputeCheck(ctx, devContext.Dispatcher, 27 computed.CheckParameters{ 28 ResourceType: &core.RelationReference{ 29 Namespace: resource.Namespace, 30 Relation: resource.Relation, 31 }, 32 Subject: subject, 33 CaveatContext: caveatContext, 34 AtRevision: devContext.Revision, 35 MaximumDepth: maxDispatchDepth, 36 DebugOption: computed.TraceDebuggingEnabled, 37 }, 38 resource.ObjectId, 39 ) 40 if err != nil { 41 return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err 42 } 43 44 reader := devContext.Datastore.SnapshotReader(devContext.Revision) 45 converted, err := v1.ConvertCheckDispatchDebugInformation(ctx, caveatContext, meta, reader) 46 if err != nil { 47 return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err 48 } 49 50 return CheckResult{cr.Membership, cr.MissingExprFields, meta.DebugInfo, converted}, nil 51 }