github.com/openfga/openfga@v1.5.4-rc1/assets/tests/consolidated_1_1_tests.yaml (about) 1 tests: 2 - name: this 3 stages: 4 - model: | 5 model 6 schema 1.1 7 type user 8 9 type document 10 relations 11 define viewer: [user] 12 tuples: 13 - object: document:1 14 relation: viewer 15 user: user:aardvark 16 checkAssertions: 17 - tuple: 18 object: document:1 19 relation: viewer 20 user: user:aardvark 21 expectation: true 22 - tuple: 23 object: document:2 24 relation: viewer 25 user: user:aardvark 26 expectation: false 27 - tuple: 28 object: document:1 29 relation: viewer 30 user: user:badger 31 expectation: false 32 listObjectsAssertions: 33 - request: 34 user: user:aardvark 35 type: document 36 relation: viewer 37 expectation: 38 - document:1 39 - request: 40 user: user:badger 41 type: document 42 relation: viewer 43 expectation: 44 listUsersAssertions: 45 - request: 46 filters: 47 - user 48 object: document:1 # exists in store 49 relation: viewer 50 expectation: 51 - user:aardvark 52 - request: 53 filters: 54 - user 55 object: document:2 # does not exist in store 56 relation: viewer 57 expectation: 58 - name: computed_userset 59 stages: 60 - model: | 61 model 62 schema 1.1 63 type user 64 65 type document 66 relations 67 define writer: [user] 68 define viewer: writer 69 tuples: 70 - object: document:1 71 relation: writer 72 user: user:aardvark 73 checkAssertions: 74 - tuple: 75 object: document:1 76 relation: viewer 77 user: user:aardvark 78 expectation: true 79 - tuple: 80 object: document:2 81 relation: writer 82 user: user:aardvark 83 expectation: false 84 - tuple: 85 object: document:2 86 relation: viewer 87 user: user:aardvark 88 expectation: false 89 listObjectsAssertions: 90 - request: 91 user: user:aardvark 92 type: document 93 relation: viewer 94 expectation: 95 - document:1 96 - request: 97 user: user:aardvark 98 type: document 99 relation: writer 100 expectation: 101 - document:1 102 listUsersAssertions: 103 - request: 104 filters: 105 - user 106 object: document:1 107 relation: viewer 108 expectation: 109 - user:aardvark 110 - request: 111 filters: 112 - user 113 object: document:1 114 relation: writer 115 expectation: 116 - user:aardvark 117 - request: 118 filters: 119 - user 120 object: document:2 121 relation: viewer 122 expectation: 123 - name: tuple_to_userset 124 stages: 125 - model: | 126 model 127 schema 1.1 128 type user 129 130 type folder 131 relations 132 define viewer: [user] 133 134 type document 135 relations 136 define parent: [folder] 137 define viewer: viewer from parent 138 tuples: 139 - object: document:1 140 relation: parent 141 user: folder:x 142 - object: folder:x 143 relation: viewer 144 user: user:aardvark 145 checkAssertions: 146 - tuple: 147 object: document:1 148 relation: viewer 149 user: user:aardvark 150 expectation: true 151 listObjectsAssertions: 152 - request: 153 user: user:aardvark 154 type: document 155 relation: viewer 156 expectation: 157 - document:1 158 listUsersAssertions: 159 - request: 160 filters: 161 - user 162 object: document:1 163 relation: viewer 164 expectation: 165 - user:aardvark 166 - request: 167 filters: 168 - folder 169 object: document:1 170 relation: parent 171 expectation: 172 - folder:x 173 - request: 174 filters: 175 - folder 176 object: document:1 177 relation: viewer 178 expectation: 179 - request: 180 filters: 181 - user 182 object: document:1 183 relation: parent 184 expectation: 185 - name: this_and_union 186 stages: 187 - model: | 188 model 189 schema 1.1 190 type user 191 192 type document 193 relations 194 define writer: [user] 195 define viewer: [user] or writer 196 tuples: 197 - object: document:1 198 relation: viewer 199 user: user:aardvark 200 - object: document:2 201 relation: writer 202 user: user:badger 203 checkAssertions: 204 - tuple: 205 object: document:1 206 relation: viewer 207 user: user:aardvark 208 expectation: true 209 - tuple: 210 object: document:2 211 relation: viewer 212 user: user:badger 213 expectation: true 214 listObjectsAssertions: 215 - request: 216 user: user:aardvark 217 type: document 218 relation: viewer 219 expectation: 220 - document:1 221 - request: 222 user: user:badger 223 type: document 224 relation: viewer 225 expectation: 226 - document:2 227 listUsersAssertions: 228 - request: 229 filters: 230 - user 231 object: document:1 232 relation: viewer 233 expectation: 234 - user:aardvark 235 - request: 236 filters: 237 - user 238 object: document:2 239 relation: viewer 240 expectation: 241 - user:badger 242 243 - name: this_and_intersection 244 stages: 245 - model: | 246 model 247 schema 1.1 248 type user 249 250 type document 251 relations 252 define writer: [user] 253 define viewer: [user] and writer 254 tuples: 255 - object: document:1 256 relation: viewer 257 user: user:aardvark 258 - object: document:1 259 relation: writer 260 user: user:aardvark 261 - object: document:2 262 relation: viewer 263 user: user:badger 264 - object: document:3 265 relation: writer 266 user: user:cheetah 267 checkAssertions: 268 - tuple: 269 object: document:1 270 relation: viewer 271 user: user:aardvark 272 expectation: true 273 - tuple: 274 object: document:2 275 relation: viewer 276 user: user:badger 277 expectation: false 278 - tuple: 279 object: document:2 280 relation: viewer 281 user: user:cheetah 282 expectation: false 283 listObjectsAssertions: 284 - request: 285 user: user:aardvark 286 type: document 287 relation: viewer 288 expectation: 289 - document:1 290 - request: 291 user: user:badger 292 type: document 293 relation: viewer 294 expectation: 295 - request: 296 user: user:cheetah 297 type: document 298 relation: viewer 299 expectation: 300 listUsersAssertions: 301 - request: 302 filters: 303 - user 304 object: document:1 305 relation: viewer 306 expectation: 307 - user:aardvark 308 309 - name: this_and_exclusion_base 310 stages: 311 - model: | 312 model 313 schema 1.1 314 type user 315 316 type document 317 relations 318 define writer: [user] 319 define viewer: [user] but not writer 320 tuples: 321 - object: document:1 322 relation: viewer 323 user: user:aardvark 324 - object: document:1 325 relation: writer 326 user: user:aardvark 327 - object: document:2 328 relation: viewer 329 user: user:badger 330 - object: document:3 331 relation: writer 332 user: user:cheetah 333 checkAssertions: 334 - tuple: 335 object: document:1 336 relation: viewer 337 user: user:aardvark 338 expectation: false 339 - tuple: 340 object: document:2 341 relation: viewer 342 user: user:badger 343 expectation: true 344 - tuple: 345 object: document:2 346 relation: viewer 347 user: user:cheetah 348 expectation: false 349 listObjectsAssertions: 350 - request: 351 user: user:aardvark 352 type: document 353 relation: viewer 354 expectation: 355 - request: 356 user: user:badger 357 type: document 358 relation: viewer 359 expectation: 360 - document:2 361 - request: 362 user: user:cheetah 363 type: document 364 relation: viewer 365 expectation: 366 listUsersAssertions: 367 - request: 368 filters: 369 - user 370 object: document:1 371 relation: viewer 372 expectation: 373 - request: 374 filters: 375 - user 376 object: document:2 377 relation: viewer 378 expectation: 379 - user:badger 380 - name: computed_userset_and_computed_userset 381 stages: 382 - model: | 383 model 384 schema 1.1 385 type user 386 387 type document 388 relations 389 define owner: [user] 390 define writer: owner 391 define viewer: writer 392 tuples: 393 - object: document:1 394 relation: owner 395 user: user:aardvark 396 checkAssertions: 397 - tuple: 398 object: document:1 399 relation: viewer 400 user: user:aardvark 401 expectation: true 402 listObjectsAssertions: 403 - request: 404 user: user:aardvark 405 type: document 406 relation: viewer 407 expectation: 408 - document:1 409 listUsersAssertions: 410 - request: 411 filters: 412 - user 413 object: document:1 414 relation: viewer 415 expectation: 416 - user:aardvark 417 418 - name: computed_userset_and_union 419 stages: 420 - model: | 421 model 422 schema 1.1 423 type user 424 425 type document 426 relations 427 define writer: [user] 428 define editor: [user] 429 define viewer: writer or editor 430 tuples: 431 - object: document:1 432 relation: writer 433 user: user:aardvark 434 - object: document:2 435 relation: editor 436 user: user:badger 437 checkAssertions: 438 - tuple: 439 object: document:1 440 relation: viewer 441 user: user:aardvark 442 expectation: true 443 - tuple: 444 object: document:2 445 relation: viewer 446 user: user:badger 447 expectation: true 448 listObjectsAssertions: 449 - request: 450 user: user:aardvark 451 type: document 452 relation: viewer 453 expectation: 454 - document:1 455 - request: 456 user: user:badger 457 type: document 458 relation: viewer 459 expectation: 460 - document:2 461 listUsersAssertions: 462 - request: 463 filters: 464 - user 465 object: document:1 466 relation: viewer 467 expectation: 468 - user:aardvark 469 - request: 470 filters: 471 - user 472 object: document:2 473 relation: viewer 474 expectation: 475 - user:badger 476 477 - name: simple_computeduserset_indirect_ref 478 stages: 479 - model: | 480 model 481 schema 1.1 482 type user 483 type folder 484 relations 485 define parent: [folder] 486 define viewer: [user] or viewer from parent 487 define can_view: viewer 488 tuples: 489 - user: user:anne 490 relation: viewer 491 object: folder:a 492 - user: folder:a 493 relation: parent 494 object: folder:b 495 checkAssertions: 496 - tuple: 497 user: user:anne 498 relation: can_view 499 object: folder:a 500 expectation: true 501 - tuple: 502 user: user:anne 503 relation: can_view 504 object: folder:b 505 expectation: true 506 listObjectsAssertions: 507 - request: 508 user: user:anne 509 type: folder 510 relation: can_view 511 expectation: 512 - folder:a 513 - folder:b 514 listUsersAssertions: 515 - request: 516 filters: 517 - user 518 object: folder:a 519 relation: can_view 520 expectation: 521 - user:anne 522 - request: 523 filters: 524 - user 525 object: folder:b 526 relation: can_view 527 expectation: 528 - user:anne 529 - request: 530 filters: 531 - folder 532 object: folder:a 533 relation: can_view 534 expectation: 535 536 - name: computed_userset_and_intersection 537 stages: 538 - model: | 539 model 540 schema 1.1 541 type user 542 543 type document 544 relations 545 define writer: [user] 546 define editor: [user] 547 define viewer: writer and editor 548 tuples: 549 - object: document:1 550 relation: writer 551 user: user:aardvark 552 - object: document:1 553 relation: editor 554 user: user:aardvark 555 - object: document:2 556 relation: writer 557 user: user:badger 558 - object: document:3 559 relation: editor 560 user: user:cheetah 561 checkAssertions: 562 - tuple: 563 object: document:1 564 relation: viewer 565 user: user:aardvark 566 expectation: true 567 - tuple: 568 object: document:2 569 relation: viewer 570 user: user:badger 571 expectation: false 572 - tuple: 573 object: document:3 574 relation: viewer 575 user: user:cheetah 576 expectation: false 577 listObjectsAssertions: 578 - request: 579 user: user:aardvark 580 type: document 581 relation: viewer 582 expectation: 583 - document:1 584 - request: 585 user: user:badger 586 type: document 587 relation: viewer 588 expectation: 589 - request: 590 user: user:cheetah 591 type: document 592 relation: viewer 593 expectation: 594 listUsersAssertions: 595 - request: 596 filters: 597 - user 598 object: document:1 599 relation: viewer 600 expectation: 601 - user:aardvark 602 - name: computed_userset_and_exclusion 603 stages: 604 - model: | 605 model 606 schema 1.1 607 type user 608 609 type document 610 relations 611 define writer: [user] 612 define editor: [user] 613 define viewer: writer but not editor 614 tuples: 615 - object: document:1 616 relation: writer 617 user: user:aardvark 618 - object: document:1 619 relation: editor 620 user: user:aardvark 621 - object: document:2 622 relation: writer 623 user: user:badger 624 - object: document:3 625 relation: editor 626 user: user:cheetah 627 checkAssertions: 628 - tuple: 629 object: document:1 630 relation: viewer 631 user: user:aardvark 632 expectation: false 633 - tuple: 634 object: document:2 635 relation: viewer 636 user: user:badger 637 expectation: true 638 - tuple: 639 object: document:3 640 relation: viewer 641 user: user:cheetah 642 expectation: false 643 listObjectsAssertions: 644 - request: 645 user: user:aardvark 646 type: document 647 relation: viewer 648 expectation: 649 - request: 650 user: user:badger 651 type: document 652 relation: viewer 653 expectation: 654 - document:2 655 - request: 656 user: user:cheetah 657 type: document 658 relation: viewer 659 expectation: 660 listUsersAssertions: 661 - request: 662 filters: 663 - user 664 object: document:1 665 relation: viewer 666 expectation: 667 - request: 668 filters: 669 - user 670 object: document:2 671 relation: viewer 672 expectation: 673 - user:badger 674 - name: tuple_to_userset_and_computed_userset 675 stages: 676 - model: | 677 model 678 schema 1.1 679 type user 680 681 type folder 682 relations 683 define writer: [user] 684 define viewer: writer 685 686 type document 687 relations 688 define parent: [folder] 689 define viewer: viewer from parent 690 tuples: 691 - object: document:1 692 relation: parent 693 user: folder:X 694 - object: folder:X 695 relation: writer 696 user: user:aardvark 697 checkAssertions: 698 - tuple: 699 object: document:1 700 relation: viewer 701 user: user:aardvark 702 expectation: true 703 listObjectsAssertions: 704 - request: 705 user: user:aardvark 706 type: document 707 relation: viewer 708 expectation: 709 - document:1 710 listUsersAssertions: 711 - request: 712 filters: 713 - user 714 object: document:1 715 relation: viewer 716 expectation: 717 - user:aardvark 718 - request: 719 filters: 720 - folder 721 object: document:1 722 relation: viewer 723 expectation: 724 725 - name: tuple_to_userset_and_tuple_to_userset 726 stages: 727 - model: | 728 model 729 schema 1.1 730 type user 731 732 type group 733 relations 734 define member: [user] 735 736 type folder 737 relations 738 define parent: [group] 739 define viewer: member from parent 740 741 type document 742 relations 743 define parent: [folder] 744 define viewer: viewer from parent 745 tuples: 746 - object: document:1 747 relation: parent 748 user: folder:X 749 - object: folder:X 750 relation: parent 751 user: group:G 752 - object: group:G 753 relation: member 754 user: user:aardvark 755 checkAssertions: 756 - tuple: 757 object: document:1 758 relation: viewer 759 user: user:aardvark 760 expectation: true 761 listObjectsAssertions: 762 - request: 763 user: user:aardvark 764 type: document 765 relation: viewer 766 expectation: 767 - document:1 768 listUsersAssertions: 769 - request: 770 filters: 771 - user 772 object: document:1 773 relation: viewer 774 expectation: 775 - user:aardvark 776 - request: 777 filters: 778 - group 779 object: document:1 780 relation: viewer 781 expectation: 782 - request: 783 filters: 784 - folder 785 object: document:1 786 relation: viewer 787 expectation: 788 789 - name: tuple_to_userset_and_union 790 stages: 791 - model: | 792 model 793 schema 1.1 794 type user 795 796 type folder 797 relations 798 define writer: [user] 799 define editor: [user] 800 define viewer: writer or editor 801 802 type document 803 relations 804 define parent: [folder] 805 define viewer: viewer from parent 806 tuples: 807 - object: document:1 808 relation: parent 809 user: folder:X 810 - object: folder:X 811 relation: writer 812 user: user:aardvark 813 - object: folder:X 814 relation: editor 815 user: user:badger 816 checkAssertions: 817 - tuple: 818 object: document:1 819 relation: viewer 820 user: user:aardvark 821 expectation: true 822 - tuple: 823 object: document:1 824 relation: viewer 825 user: user:badger 826 expectation: true 827 listObjectsAssertions: 828 - request: 829 user: user:aardvark 830 type: document 831 relation: viewer 832 expectation: 833 - document:1 834 - request: 835 user: user:badger 836 type: document 837 relation: viewer 838 expectation: 839 - document:1 840 listUsersAssertions: 841 - request: 842 filters: 843 - user 844 object: document:1 845 relation: viewer 846 expectation: 847 - user:aardvark 848 - user:badger 849 - request: 850 filters: 851 - user 852 object: document:2 853 relation: viewer 854 expectation: 855 - request: 856 filters: 857 - folder#editor 858 object: document:1 859 relation: viewer 860 expectation: 861 - folder:X#editor 862 - request: 863 filters: 864 - folder#writer 865 object: document:1 866 relation: viewer 867 expectation: 868 - folder:X#writer 869 - request: 870 filters: 871 - folder#viewer 872 object: document:1 873 relation: viewer 874 expectation: 875 - folder:X#viewer 876 - request: 877 filters: 878 - folder 879 object: document:1 880 relation: viewer 881 expectation: 882 - name: tuple_to_userset_and_intersection 883 stages: 884 - model: | 885 model 886 schema 1.1 887 type user 888 889 type folder 890 relations 891 define writer: [user] 892 define editor: [user] 893 define viewer: writer and editor 894 895 type document 896 relations 897 define parent: [folder] 898 define viewer: viewer from parent 899 tuples: 900 - object: document:1 901 relation: parent 902 user: folder:X 903 - object: folder:X 904 relation: writer 905 user: user:aardvark 906 - object: folder:X 907 relation: editor 908 user: user:aardvark 909 - object: folder:X 910 relation: writer 911 user: user:badger 912 - object: folder:X 913 relation: editor 914 user: user:cheetah 915 checkAssertions: 916 - tuple: 917 object: document:1 918 relation: viewer 919 user: user:aardvark 920 expectation: true 921 - tuple: 922 object: document:1 923 relation: viewer 924 user: user:badger 925 expectation: false 926 - tuple: 927 object: document:1 928 relation: viewer 929 user: user:cheetah 930 expectation: false 931 listObjectsAssertions: 932 - request: 933 user: user:aardvark 934 type: document 935 relation: viewer 936 expectation: 937 - document:1 938 - request: 939 user: user:badger 940 type: document 941 relation: viewer 942 expectation: 943 - request: 944 user: user:cheetah 945 type: document 946 relation: viewer 947 expectation: 948 listUsersAssertions: 949 - request: 950 filters: 951 - user 952 object: document:1 953 relation: viewer 954 expectation: 955 - user:aardvark 956 - request: 957 filters: 958 - folder#editor 959 object: document:1 960 relation: viewer 961 expectation: 962 - request: 963 filters: 964 - folder#writer 965 object: document:1 966 relation: viewer 967 expectation: 968 - request: 969 filters: 970 - folder#viewer 971 object: document:1 972 relation: viewer 973 expectation: 974 - folder:X#viewer 975 - request: 976 filters: 977 - folder 978 object: document:1 979 relation: viewer 980 expectation: 981 - name: tuple_to_userset_and_exclusion 982 stages: 983 - model: | 984 model 985 schema 1.1 986 type user 987 988 type folder 989 relations 990 define writer: [user] 991 define editor: [user] 992 define viewer: writer but not editor 993 994 type document 995 relations 996 define parent: [folder] 997 define viewer: viewer from parent 998 tuples: 999 - object: document:1 1000 relation: parent 1001 user: folder:X 1002 - object: folder:X 1003 relation: writer 1004 user: user:aardvark 1005 - object: folder:X 1006 relation: editor 1007 user: user:aardvark 1008 - object: folder:X 1009 relation: writer 1010 user: user:badger 1011 - object: folder:X 1012 relation: editor 1013 user: user:cheetah 1014 checkAssertions: 1015 - tuple: 1016 object: document:1 1017 relation: viewer 1018 user: user:aardvark 1019 expectation: false 1020 - tuple: 1021 object: document:1 1022 relation: viewer 1023 user: user:badger 1024 expectation: true 1025 - tuple: 1026 object: document:1 1027 relation: viewer 1028 user: user:cheetah 1029 expectation: false 1030 listObjectsAssertions: 1031 - request: 1032 user: user:aardvark 1033 type: document 1034 relation: viewer 1035 expectation: 1036 - request: 1037 user: user:badger 1038 type: document 1039 relation: viewer 1040 expectation: 1041 - document:1 1042 - request: 1043 user: user:cheetah 1044 type: document 1045 relation: viewer 1046 expectation: 1047 listUsersAssertions: 1048 - request: 1049 filters: 1050 - user 1051 object: document:1 1052 relation: viewer 1053 expectation: 1054 - user:badger 1055 - request: 1056 filters: 1057 - folder#editor 1058 object: document:1 1059 relation: viewer 1060 expectation: 1061 - request: 1062 filters: 1063 - folder#writer 1064 object: document:1 1065 relation: viewer 1066 expectation: 1067 - folder:X#writer 1068 - request: 1069 filters: 1070 - folder#viewer 1071 object: document:1 1072 relation: viewer 1073 expectation: 1074 - folder:X#viewer 1075 - name: union_and_tuple_to_userset 1076 stages: 1077 - model: | 1078 model 1079 schema 1.1 1080 type user 1081 type folder 1082 relations 1083 define viewer: [user] 1084 1085 type document 1086 relations 1087 define parent: [folder] 1088 define writer: [user] 1089 define viewer: writer or viewer from parent 1090 tuples: 1091 - object: document:1 1092 relation: parent 1093 user: folder:X 1094 - object: folder:X 1095 relation: viewer 1096 user: user:aardvark 1097 - object: document:1 1098 relation: writer 1099 user: user:badger 1100 checkAssertions: 1101 - tuple: 1102 object: document:1 1103 relation: viewer 1104 user: user:aardvark 1105 expectation: true 1106 - tuple: 1107 object: document:1 1108 relation: viewer 1109 user: user:badger 1110 expectation: true 1111 listObjectsAssertions: 1112 - request: 1113 user: user:aardvark 1114 type: document 1115 relation: viewer 1116 expectation: 1117 - document:1 1118 - request: 1119 user: user:badger 1120 type: document 1121 relation: viewer 1122 expectation: 1123 - document:1 1124 listUsersAssertions: 1125 - request: 1126 filters: 1127 - user 1128 object: document:1 1129 relation: viewer 1130 expectation: 1131 - user:aardvark 1132 - user:badger 1133 - request: 1134 filters: 1135 - user 1136 object: document:2 1137 relation: viewer 1138 expectation: 1139 1140 - name: union_and_union 1141 stages: 1142 - model: | 1143 model 1144 schema 1.1 1145 type user 1146 1147 type document 1148 relations 1149 define writer: [user] 1150 define editor: [user] 1151 define owner: [user] 1152 define viewer: writer or editor or owner 1153 tuples: 1154 - object: document:1 1155 relation: writer 1156 user: user:aardvark 1157 - object: document:2 1158 relation: editor 1159 user: user:badger 1160 - object: document:3 1161 relation: owner 1162 user: user:cheetah 1163 checkAssertions: 1164 - tuple: 1165 object: document:1 1166 relation: viewer 1167 user: user:aardvark 1168 expectation: true 1169 - tuple: 1170 object: document:2 1171 relation: viewer 1172 user: user:badger 1173 expectation: true 1174 - tuple: 1175 object: document:3 1176 relation: viewer 1177 user: user:cheetah 1178 expectation: true 1179 listObjectsAssertions: 1180 - request: 1181 user: user:aardvark 1182 type: document 1183 relation: viewer 1184 expectation: 1185 - document:1 1186 - request: 1187 user: user:badger 1188 type: document 1189 relation: viewer 1190 expectation: 1191 - document:2 1192 - request: 1193 user: user:cheetah 1194 type: document 1195 relation: viewer 1196 expectation: 1197 - document:3 1198 listUsersAssertions: 1199 - request: 1200 filters: 1201 - user 1202 object: document:1 1203 relation: viewer 1204 expectation: 1205 - user:aardvark 1206 - request: 1207 filters: 1208 - user 1209 object: document:2 1210 relation: viewer 1211 expectation: 1212 - user:badger 1213 - request: 1214 filters: 1215 - user 1216 object: document:3 1217 relation: viewer 1218 expectation: 1219 - user:cheetah 1220 1221 - name: union_and_intersection 1222 stages: 1223 - model: | 1224 model 1225 schema 1.1 1226 type user 1227 1228 type document 1229 relations 1230 define writer: [user] 1231 define editor: [user] 1232 define owner: [user] 1233 define viewer: writer or (editor and owner) 1234 tuples: 1235 - object: document:1 1236 relation: writer 1237 user: user:aardvark 1238 - object: document:2 1239 relation: editor 1240 user: user:badger 1241 - object: document:2 1242 relation: owner 1243 user: user:badger 1244 - object: document:3 1245 relation: editor 1246 user: user:cheetah 1247 - object: document:4 1248 relation: owner 1249 user: user:duck 1250 checkAssertions: 1251 - tuple: 1252 object: document:1 1253 relation: viewer 1254 user: user:aardvark 1255 expectation: true 1256 - tuple: 1257 object: document:2 1258 relation: viewer 1259 user: user:badger 1260 expectation: true 1261 - tuple: 1262 object: document:3 1263 relation: viewer 1264 user: user:cheetah 1265 expectation: false 1266 - tuple: 1267 object: document:4 1268 relation: viewer 1269 user: user:duck 1270 expectation: false 1271 listObjectsAssertions: 1272 - request: 1273 user: user:aardvark 1274 type: document 1275 relation: viewer 1276 expectation: 1277 - document:1 1278 - request: 1279 user: user:badger 1280 type: document 1281 relation: viewer 1282 expectation: 1283 - document:2 1284 - request: 1285 user: user:cheetah 1286 type: document 1287 relation: viewer 1288 expectation: 1289 - request: 1290 user: user:duck 1291 type: document 1292 relation: viewer 1293 expectation: 1294 listUsersAssertions: 1295 - request: 1296 filters: 1297 - user 1298 object: document:1 1299 relation: viewer 1300 expectation: 1301 - user:aardvark 1302 - request: 1303 filters: 1304 - user 1305 object: document:2 1306 relation: viewer 1307 expectation: 1308 - user:badger 1309 - request: 1310 filters: 1311 - user 1312 object: document:3 1313 relation: viewer 1314 expectation: 1315 - request: 1316 filters: 1317 - user 1318 object: document:4 1319 relation: viewer 1320 expectation: 1321 - name: union_and_exclusion 1322 stages: 1323 - model: | 1324 model 1325 schema 1.1 1326 type user 1327 1328 type document 1329 relations 1330 define writer: [user] 1331 define editor: [user] 1332 define owner: [user] 1333 define viewer: writer or (editor but not owner) 1334 tuples: 1335 - object: document:1 1336 relation: writer 1337 user: user:aardvark 1338 - object: document:1 1339 relation: editor 1340 user: user:badger 1341 - object: document:2 1342 relation: owner 1343 user: user:badger 1344 - object: document:3 1345 relation: editor 1346 user: user:cheetah 1347 - object: document:4 1348 relation: owner 1349 user: user:duck 1350 checkAssertions: 1351 - tuple: 1352 object: document:1 1353 relation: viewer 1354 user: user:aardvark 1355 expectation: true 1356 - tuple: 1357 object: document:1 1358 relation: viewer 1359 user: user:badger 1360 expectation: true 1361 - tuple: 1362 object: document:2 1363 relation: viewer 1364 user: user:badger 1365 expectation: false 1366 - tuple: 1367 object: document:3 1368 relation: viewer 1369 user: user:cheetah 1370 expectation: true 1371 - tuple: 1372 object: document:4 1373 relation: viewer 1374 user: user:duck 1375 expectation: false 1376 listObjectsAssertions: 1377 - request: 1378 user: user:aardvark 1379 type: document 1380 relation: viewer 1381 expectation: 1382 - document:1 1383 - request: 1384 user: user:badger 1385 type: document 1386 relation: viewer 1387 expectation: 1388 - document:1 1389 - request: 1390 user: user:cheetah 1391 type: document 1392 relation: viewer 1393 expectation: 1394 - document:3 1395 - request: 1396 user: user:duck 1397 type: document 1398 relation: viewer 1399 expectation: 1400 listUsersAssertions: 1401 - request: 1402 filters: 1403 - user 1404 object: document:1 1405 relation: viewer 1406 expectation: 1407 - user:aardvark 1408 - user:badger 1409 - request: 1410 filters: 1411 - document#writer 1412 object: document:1 1413 relation: viewer 1414 expectation: 1415 - document:1#writer 1416 - request: 1417 filters: 1418 - document#editor 1419 object: document:1 1420 relation: viewer 1421 expectation: 1422 - document:1#editor 1423 - request: 1424 filters: 1425 - user 1426 object: document:3 1427 relation: viewer 1428 expectation: 1429 - user:cheetah 1430 - name: intersection_and_tuple_to_userset 1431 stages: 1432 - model: | 1433 model 1434 schema 1.1 1435 type user 1436 1437 type folder 1438 relations 1439 define viewer: [user] 1440 1441 type document 1442 relations 1443 define parent: [folder] 1444 define writer: [user] 1445 define viewer: writer and viewer from parent 1446 tuples: 1447 - object: document:1 1448 relation: parent 1449 user: folder:X 1450 - object: folder:X 1451 relation: viewer 1452 user: user:aardvark 1453 - object: document:1 1454 relation: writer 1455 user: user:aardvark 1456 - object: folder:X 1457 relation: viewer 1458 user: user:badger 1459 - object: document:2 1460 relation: writer 1461 user: user:cheetah 1462 checkAssertions: 1463 - tuple: 1464 object: document:1 1465 relation: viewer 1466 user: user:aardvark 1467 expectation: true 1468 - tuple: 1469 object: document:1 1470 relation: viewer 1471 user: user:badger 1472 expectation: false 1473 - tuple: 1474 object: document:2 1475 relation: viewer 1476 user: user:cheetah 1477 expectation: false 1478 listObjectsAssertions: 1479 - request: 1480 user: user:aardvark 1481 type: document 1482 relation: viewer 1483 expectation: 1484 - document:1 1485 - request: 1486 user: user:badger 1487 type: document 1488 relation: viewer 1489 expectation: 1490 - request: 1491 user: user:cheetah 1492 type: document 1493 relation: viewer 1494 expectation: 1495 listUsersAssertions: 1496 - request: 1497 filters: 1498 - user 1499 object: document:1 1500 relation: viewer 1501 expectation: 1502 - user:aardvark 1503 - request: 1504 filters: 1505 - user 1506 object: document:2 1507 relation: viewer 1508 expectation: 1509 - request: 1510 filters: 1511 - user 1512 object: document:3 1513 relation: viewer 1514 expectation: 1515 - name: intersection_and_union 1516 stages: 1517 - model: | 1518 model 1519 schema 1.1 1520 type user 1521 1522 type document 1523 relations 1524 define writer: [user] 1525 define editor: [user] 1526 define owner: [user] 1527 define viewer: writer and (editor or owner) 1528 tuples: 1529 - object: document:1 1530 relation: writer 1531 user: user:aardvark 1532 - object: document:1 1533 relation: editor 1534 user: user:aardvark 1535 - object: document:2 1536 relation: writer 1537 user: user:badger 1538 - object: document:2 1539 relation: owner 1540 user: user:badger 1541 - object: document:3 1542 relation: writer 1543 user: user:cheetah 1544 - object: document:4 1545 relation: editor 1546 user: user:duck 1547 - object: document:5 1548 relation: owner 1549 user: user:eagle 1550 checkAssertions: 1551 - tuple: 1552 object: document:1 1553 relation: viewer 1554 user: user:aardvark 1555 expectation: true 1556 - tuple: 1557 object: document:2 1558 relation: viewer 1559 user: user:badger 1560 expectation: true 1561 - tuple: 1562 object: document:3 1563 relation: viewer 1564 user: user:cheetah 1565 expectation: false 1566 - tuple: 1567 object: document:4 1568 relation: viewer 1569 user: user:duck 1570 expectation: false 1571 - tuple: 1572 object: document:5 1573 relation: viewer 1574 user: user:eagle 1575 expectation: false 1576 listObjectsAssertions: 1577 - request: 1578 user: user:aardvark 1579 type: document 1580 relation: viewer 1581 expectation: 1582 - document:1 1583 - request: 1584 user: user:badger 1585 type: document 1586 relation: viewer 1587 expectation: 1588 - document:2 1589 - request: 1590 user: user:cheetah 1591 type: document 1592 relation: viewer 1593 expectation: 1594 - request: 1595 user: user:duck 1596 type: document 1597 relation: viewer 1598 expectation: 1599 - request: 1600 user: user:eagle 1601 type: document 1602 relation: viewer 1603 expectation: 1604 listUsersAssertions: 1605 - request: 1606 filters: 1607 - user 1608 object: document:1 1609 relation: viewer 1610 expectation: 1611 - user:aardvark 1612 - request: 1613 filters: 1614 - user 1615 object: document:2 1616 relation: viewer 1617 expectation: 1618 - user:badger 1619 - request: 1620 filters: 1621 - user 1622 object: document:3 1623 relation: viewer 1624 expectation: 1625 - request: 1626 filters: 1627 - user 1628 object: document:4 1629 relation: viewer 1630 expectation: 1631 - request: 1632 filters: 1633 - user 1634 object: document:5 1635 relation: viewer 1636 expectation: 1637 - name: intersection_and_intersection 1638 stages: 1639 - model: | 1640 model 1641 schema 1.1 1642 type user 1643 1644 type document 1645 relations 1646 define writer: [user] 1647 define editor: [user] 1648 define owner: [user] 1649 define viewer: writer and editor and owner 1650 tuples: 1651 - object: document:1 1652 relation: writer 1653 user: user:aardvark 1654 - object: document:1 1655 relation: editor 1656 user: user:aardvark 1657 - object: document:1 1658 relation: owner 1659 user: user:aardvark 1660 - object: document:2 1661 relation: writer 1662 user: user:badger 1663 - object: document:2 1664 relation: editor 1665 user: user:badger 1666 - object: document:3 1667 relation: writer 1668 user: user:cheetah 1669 - object: document:3 1670 relation: owner 1671 user: user:cheetah 1672 - object: document:4 1673 relation: writer 1674 user: user:duck 1675 - object: document:5 1676 relation: editor 1677 user: user:eagle 1678 - object: document:6 1679 relation: owner 1680 user: user:fox 1681 checkAssertions: 1682 - tuple: 1683 object: document:1 1684 relation: viewer 1685 user: user:aardvark 1686 expectation: true 1687 - tuple: 1688 object: document:2 1689 relation: viewer 1690 user: user:badger 1691 expectation: false 1692 - tuple: 1693 object: document:3 1694 relation: viewer 1695 user: user:cheetah 1696 expectation: false 1697 - tuple: 1698 object: document:4 1699 relation: viewer 1700 user: user:duck 1701 expectation: false 1702 - tuple: 1703 object: document:5 1704 relation: viewer 1705 user: user:eagle 1706 expectation: false 1707 - tuple: 1708 object: document:6 1709 relation: viewer 1710 user: user:fox 1711 expectation: false 1712 listObjectsAssertions: 1713 - request: 1714 user: user:aardvark 1715 type: document 1716 relation: viewer 1717 expectation: 1718 - document:1 1719 - request: 1720 user: user:badger 1721 type: document 1722 relation: viewer 1723 expectation: 1724 - request: 1725 user: user:cheetah 1726 type: document 1727 relation: viewer 1728 expectation: 1729 - request: 1730 user: user:duck 1731 type: document 1732 relation: viewer 1733 expectation: 1734 - request: 1735 user: user:eagle 1736 type: document 1737 relation: viewer 1738 expectation: 1739 - request: 1740 user: user:fox 1741 type: document 1742 relation: viewer 1743 expectation: 1744 listUsersAssertions: 1745 - request: 1746 filters: 1747 - user 1748 object: document:1 1749 relation: viewer 1750 expectation: 1751 - user:aardvark 1752 - request: 1753 filters: 1754 - user 1755 object: document:2 1756 relation: viewer 1757 expectation: 1758 - request: 1759 filters: 1760 - user 1761 object: document:3 1762 relation: viewer 1763 expectation: 1764 - request: 1765 filters: 1766 - user 1767 object: document:4 1768 relation: viewer 1769 expectation: 1770 - request: 1771 filters: 1772 - user 1773 object: document:5 1774 relation: viewer 1775 expectation: 1776 - request: 1777 filters: 1778 - user 1779 object: document:6 1780 relation: viewer 1781 expectation: 1782 - name: intersection_and_exclusion 1783 stages: 1784 - model: | 1785 model 1786 schema 1.1 1787 type user 1788 1789 type document 1790 relations 1791 define writer: [user] 1792 define editor: [user] 1793 define owner: [user] 1794 define viewer: writer and (editor but not owner) 1795 tuples: 1796 - object: document:1 1797 relation: writer 1798 user: user:aardvark 1799 - object: document:1 1800 relation: editor 1801 user: user:aardvark 1802 - object: document:1 1803 relation: owner 1804 user: user:aardvark 1805 - object: document:2 1806 relation: writer 1807 user: user:badger 1808 - object: document:2 1809 relation: editor 1810 user: user:badger 1811 - object: document:3 1812 relation: writer 1813 user: user:cheetah 1814 - object: document:3 1815 relation: owner 1816 user: user:cheetah 1817 - object: document:4 1818 relation: writer 1819 user: user:duck 1820 - object: document:5 1821 relation: editor 1822 user: user:eagle 1823 - object: document:6 1824 relation: owner 1825 user: user:fox 1826 checkAssertions: 1827 - tuple: 1828 object: document:1 1829 relation: viewer 1830 user: user:aardvark 1831 expectation: false 1832 - tuple: 1833 object: document:2 1834 relation: viewer 1835 user: user:badger 1836 expectation: true 1837 - tuple: 1838 object: document:3 1839 relation: viewer 1840 user: user:cheetah 1841 expectation: false 1842 - tuple: 1843 object: document:4 1844 relation: viewer 1845 user: user:duck 1846 expectation: false 1847 - tuple: 1848 object: document:5 1849 relation: viewer 1850 user: user:eagle 1851 expectation: false 1852 - tuple: 1853 object: document:6 1854 relation: viewer 1855 user: user:fox 1856 expectation: false 1857 listObjectsAssertions: 1858 - request: 1859 user: user:aardvark 1860 type: document 1861 relation: viewer 1862 expectation: 1863 - request: 1864 user: user:badger 1865 type: document 1866 relation: viewer 1867 expectation: 1868 - document:2 1869 - request: 1870 user: user:cheetah 1871 type: document 1872 relation: viewer 1873 expectation: 1874 - request: 1875 user: user:duck 1876 type: document 1877 relation: viewer 1878 expectation: 1879 - request: 1880 user: user:eagle 1881 type: document 1882 relation: viewer 1883 expectation: 1884 - request: 1885 user: user:fox 1886 type: document 1887 relation: viewer 1888 expectation: 1889 listUsersAssertions: 1890 - request: 1891 filters: 1892 - user 1893 object: document:1 1894 relation: viewer 1895 expectation: 1896 - request: 1897 filters: 1898 - document#writer 1899 object: document:1 1900 relation: viewer 1901 expectation: 1902 - request: 1903 filters: 1904 - user 1905 object: document:2 1906 relation: viewer 1907 expectation: 1908 - user:badger 1909 - name: exclusion_and_computed_userset 1910 stages: 1911 - model: | 1912 model 1913 schema 1.1 1914 type user 1915 1916 type document 1917 relations 1918 define writer: [user] 1919 define editor: [user] 1920 define viewer: writer but not editor 1921 tuples: 1922 - object: document:1 1923 relation: writer 1924 user: user:aardvark 1925 - object: document:1 1926 relation: editor 1927 user: user:aardvark 1928 - object: document:2 1929 relation: writer 1930 user: user:badger 1931 - object: document:3 1932 relation: editor 1933 user: user:cheetah 1934 checkAssertions: 1935 - tuple: 1936 object: document:1 1937 relation: viewer 1938 user: user:aardvark 1939 expectation: false 1940 - tuple: 1941 object: document:2 1942 relation: viewer 1943 user: user:badger 1944 expectation: true 1945 - tuple: 1946 object: document:3 1947 relation: viewer 1948 user: user:cheetah 1949 expectation: false 1950 listObjectsAssertions: 1951 - request: 1952 user: user:aardvark 1953 type: document 1954 relation: viewer 1955 expectation: 1956 - request: 1957 user: user:badger 1958 type: document 1959 relation: viewer 1960 expectation: 1961 - document:2 1962 - request: 1963 user: user:cheetah 1964 type: document 1965 relation: viewer 1966 expectation: 1967 listUsersAssertions: 1968 - request: 1969 filters: 1970 - user 1971 object: document:1 1972 relation: viewer 1973 expectation: 1974 - request: 1975 filters: 1976 - user 1977 object: document:2 1978 relation: viewer 1979 expectation: 1980 - user:badger 1981 - name: exclusion_and_tuple_to_userset_in_base 1982 stages: 1983 - model: | 1984 model 1985 schema 1.1 1986 type user 1987 1988 type folder 1989 relations 1990 define viewer: [user] 1991 1992 type document 1993 relations 1994 define parent: [folder] 1995 define writer: [user] 1996 define viewer: viewer from parent but not writer 1997 tuples: 1998 - object: document:1 1999 relation: parent 2000 user: folder:X 2001 - object: folder:X 2002 relation: viewer 2003 user: user:aardvark 2004 - object: document:1 2005 relation: writer 2006 user: user:aardvark 2007 - object: folder:X 2008 relation: viewer 2009 user: user:badger 2010 - object: document:2 2011 relation: writer 2012 user: user:cheetah 2013 checkAssertions: 2014 - tuple: 2015 object: document:1 2016 relation: viewer 2017 user: user:aardvark 2018 expectation: false 2019 - tuple: 2020 object: document:1 2021 relation: viewer 2022 user: user:badger 2023 expectation: true 2024 - tuple: 2025 object: document:2 2026 relation: viewer 2027 user: user:cheetah 2028 expectation: false 2029 listObjectsAssertions: 2030 - request: 2031 user: user:aardvark 2032 type: document 2033 relation: viewer 2034 expectation: 2035 - request: 2036 user: user:badger 2037 type: document 2038 relation: viewer 2039 expectation: 2040 - document:1 2041 - request: 2042 user: user:cheetah 2043 type: document 2044 relation: viewer 2045 expectation: 2046 listUsersAssertions: 2047 - request: 2048 filters: 2049 - user 2050 object: document:1 2051 relation: viewer 2052 expectation: 2053 - user:badger 2054 - request: 2055 filters: 2056 - folder#viewer 2057 object: document:1 2058 relation: viewer 2059 expectation: 2060 - folder:X#viewer 2061 - request: 2062 filters: 2063 - document#writer 2064 object: document:1 2065 relation: viewer 2066 expectation: 2067 - request: 2068 filters: 2069 - user 2070 object: document:2 2071 relation: viewer 2072 expectation: 2073 - name: exclusion_and_tuple_to_userset_in_subtract 2074 stages: 2075 - model: | 2076 model 2077 schema 1.1 2078 type user 2079 2080 type folder 2081 relations 2082 define viewer: [user] 2083 2084 type document 2085 relations 2086 define parent: [folder] 2087 define writer: [user] 2088 define viewer: writer but not viewer from parent 2089 tuples: 2090 - object: document:1 2091 relation: parent 2092 user: folder:X 2093 - object: folder:X 2094 relation: viewer 2095 user: user:aardvark 2096 - object: document:1 2097 relation: writer 2098 user: user:aardvark 2099 - object: folder:X 2100 relation: viewer 2101 user: user:badger 2102 - object: document:2 2103 relation: writer 2104 user: user:cheetah 2105 checkAssertions: 2106 - tuple: 2107 object: document:1 2108 relation: viewer 2109 user: user:aardvark 2110 expectation: false 2111 - tuple: 2112 object: document:1 2113 relation: viewer 2114 user: user:badger 2115 expectation: false 2116 - tuple: 2117 object: document:2 2118 relation: viewer 2119 user: user:cheetah 2120 expectation: true 2121 listObjectsAssertions: 2122 - request: 2123 user: user:aardvark 2124 type: document 2125 relation: viewer 2126 expectation: 2127 - request: 2128 user: user:badger 2129 type: document 2130 relation: viewer 2131 expectation: 2132 - request: 2133 user: user:cheetah 2134 type: document 2135 relation: viewer 2136 expectation: 2137 - document:2 2138 listUsersAssertions: 2139 - request: 2140 filters: 2141 - user 2142 object: document:1 2143 relation: viewer 2144 expectation: 2145 - request: 2146 filters: 2147 - user 2148 object: document:2 2149 relation: viewer 2150 expectation: 2151 - user:cheetah 2152 - name: exclusion_and_union_in_base 2153 stages: 2154 - model: | 2155 model 2156 schema 1.1 2157 type user 2158 2159 type document 2160 relations 2161 define writer: [user] 2162 define editor: [user] 2163 define owner: [user] 2164 define viewer: (writer or editor) but not owner 2165 tuples: 2166 - object: document:1 2167 relation: writer 2168 user: user:aardvark 2169 - object: document:1 2170 relation: editor 2171 user: user:aardvark 2172 - object: document:1 2173 relation: owner 2174 user: user:aardvark 2175 - object: document:2 2176 relation: writer 2177 user: user:badger 2178 - object: document:2 2179 relation: owner 2180 user: user:badger 2181 - object: document:3 2182 relation: editor 2183 user: user:cheetah 2184 - object: document:3 2185 relation: owner 2186 user: user:cheetah 2187 - object: document:4 2188 relation: writer 2189 user: user:duck 2190 - object: document:5 2191 relation: editor 2192 user: user:eagle 2193 checkAssertions: 2194 - tuple: 2195 object: document:1 2196 relation: viewer 2197 user: user:aardvark 2198 expectation: false 2199 - tuple: 2200 object: document:2 2201 relation: viewer 2202 user: user:badger 2203 expectation: false 2204 - tuple: 2205 object: document:3 2206 relation: viewer 2207 user: user:cheetah 2208 expectation: false 2209 - tuple: 2210 object: document:4 2211 relation: viewer 2212 user: user:duck 2213 expectation: true 2214 - tuple: 2215 object: document:5 2216 relation: viewer 2217 user: user:eagle 2218 expectation: true 2219 listObjectsAssertions: 2220 - request: 2221 user: user:aardvark 2222 type: document 2223 relation: viewer 2224 expectation: 2225 - request: 2226 user: user:badger 2227 type: document 2228 relation: viewer 2229 expectation: 2230 - request: 2231 user: user:cheetah 2232 type: document 2233 relation: viewer 2234 expectation: 2235 - request: 2236 user: user:duck 2237 type: document 2238 relation: viewer 2239 expectation: 2240 - document:4 2241 - request: 2242 user: user:eagle 2243 type: document 2244 relation: viewer 2245 expectation: 2246 - document:5 2247 listUsersAssertions: 2248 - request: 2249 filters: 2250 - document#writer 2251 object: document:1 2252 relation: viewer 2253 expectation: 2254 - document:1#writer 2255 - request: 2256 filters: 2257 - document#editor 2258 object: document:1 2259 relation: viewer 2260 expectation: 2261 - document:1#editor 2262 - request: 2263 filters: 2264 - user 2265 object: document:4 2266 relation: viewer 2267 expectation: 2268 - user:duck 2269 - request: 2270 filters: 2271 - user 2272 object: document:5 2273 relation: viewer 2274 expectation: 2275 - user:eagle 2276 - name: exclusion_and_union_in_subtract 2277 stages: 2278 - model: | 2279 model 2280 schema 1.1 2281 type user 2282 2283 type document 2284 relations 2285 define writer: [user] 2286 define editor: [user] 2287 define owner: [user] 2288 define viewer: writer but not (editor or owner) 2289 tuples: 2290 - object: document:1 2291 relation: writer 2292 user: user:aardvark 2293 - object: document:1 2294 relation: editor 2295 user: user:aardvark 2296 - object: document:2 2297 relation: writer 2298 user: user:badger 2299 - object: document:2 2300 relation: owner 2301 user: user:badger 2302 - object: document:3 2303 relation: writer 2304 user: user:cheetah 2305 checkAssertions: 2306 - tuple: 2307 object: document:1 2308 relation: viewer 2309 user: user:aardvark 2310 expectation: false 2311 - tuple: 2312 object: document:2 2313 relation: viewer 2314 user: user:badger 2315 expectation: false 2316 - tuple: 2317 object: document:3 2318 relation: viewer 2319 user: user:cheetah 2320 expectation: true 2321 listObjectsAssertions: 2322 - request: 2323 user: user:aardvark 2324 type: document 2325 relation: viewer 2326 expectation: 2327 - request: 2328 user: user:badger 2329 type: document 2330 relation: viewer 2331 expectation: 2332 - request: 2333 user: user:cheetah 2334 type: document 2335 relation: viewer 2336 expectation: 2337 - document:3 2338 listUsersAssertions: 2339 - request: 2340 filters: 2341 - user 2342 object: document:1 2343 relation: viewer 2344 expectation: 2345 - request: 2346 filters: 2347 - user 2348 object: document:2 2349 relation: viewer 2350 expectation: 2351 - request: 2352 filters: 2353 - user 2354 object: document:3 2355 relation: viewer 2356 expectation: 2357 - user:cheetah 2358 - name: exclusion_and_intersection_in_base 2359 stages: 2360 - model: | 2361 model 2362 schema 1.1 2363 type user 2364 2365 type document 2366 relations 2367 define writer: [user] 2368 define editor: [user] 2369 define owner: [user] 2370 define viewer: (writer and editor) but not owner 2371 tuples: 2372 - object: document:1 2373 relation: writer 2374 user: user:aardvark 2375 - object: document:1 2376 relation: editor 2377 user: user:aardvark 2378 - object: document:1 2379 relation: owner 2380 user: user:aardvark 2381 - object: document:2 2382 relation: writer 2383 user: user:badger 2384 - object: document:2 2385 relation: editor 2386 user: user:badger 2387 - object: document:3 2388 relation: writer 2389 user: user:cheetah 2390 - object: document:4 2391 relation: editor 2392 user: user:duck 2393 - object: document:5 2394 relation: owner 2395 user: user:eagle 2396 checkAssertions: 2397 - tuple: 2398 object: document:1 2399 relation: viewer 2400 user: user:aardvark 2401 expectation: false 2402 - tuple: 2403 object: document:2 2404 relation: viewer 2405 user: user:badger 2406 expectation: true 2407 - tuple: 2408 object: document:3 2409 relation: viewer 2410 user: user:cheetah 2411 expectation: false 2412 - tuple: 2413 object: document:4 2414 relation: viewer 2415 user: user:duck 2416 expectation: false 2417 - tuple: 2418 object: document:5 2419 relation: viewer 2420 user: user:eagle 2421 expectation: false 2422 listObjectsAssertions: 2423 - request: 2424 user: user:aardvark 2425 type: document 2426 relation: viewer 2427 expectation: 2428 - request: 2429 user: user:badger 2430 type: document 2431 relation: viewer 2432 expectation: 2433 - document:2 2434 - request: 2435 user: user:cheetah 2436 type: document 2437 relation: viewer 2438 expectation: 2439 - request: 2440 user: user:duck 2441 type: document 2442 relation: viewer 2443 expectation: 2444 - request: 2445 user: user:eagle 2446 type: document 2447 relation: viewer 2448 expectation: 2449 listUsersAssertions: 2450 - request: 2451 filters: 2452 - user 2453 object: document:1 2454 relation: viewer 2455 expectation: 2456 - request: 2457 filters: 2458 - user 2459 object: document:2 2460 relation: viewer 2461 expectation: 2462 - user:badger 2463 - request: 2464 filters: 2465 - user 2466 object: document:3 2467 relation: viewer 2468 expectation: 2469 - request: 2470 filters: 2471 - user 2472 object: document:4 2473 relation: viewer 2474 expectation: 2475 - request: 2476 filters: 2477 - user 2478 object: document:5 2479 relation: viewer 2480 expectation: 2481 - name: exclusion_and_intersection_in_subtract 2482 stages: 2483 - model: | 2484 model 2485 schema 1.1 2486 type user 2487 2488 type document 2489 relations 2490 define writer: [user] 2491 define editor: [user] 2492 define owner: [user] 2493 define viewer: writer but not (editor and owner) 2494 tuples: 2495 - object: document:1 2496 relation: writer 2497 user: user:aardvark 2498 - object: document:1 2499 relation: editor 2500 user: user:aardvark 2501 - object: document:1 2502 relation: owner 2503 user: user:aardvark 2504 - object: document:2 2505 relation: writer 2506 user: user:badger 2507 - object: document:2 2508 relation: editor 2509 user: user:badger 2510 - object: document:3 2511 relation: writer 2512 user: user:cheetah 2513 - object: document:3 2514 relation: owner 2515 user: user:cheetah 2516 - object: document:4 2517 relation: writer 2518 user: user:duck 2519 checkAssertions: 2520 - tuple: 2521 object: document:1 2522 relation: viewer 2523 user: user:aardvark 2524 expectation: false 2525 - tuple: 2526 object: document:2 2527 relation: viewer 2528 user: user:badger 2529 expectation: true 2530 - tuple: 2531 object: document:3 2532 relation: viewer 2533 user: user:cheetah 2534 expectation: true 2535 - tuple: 2536 object: document:4 2537 relation: viewer 2538 user: user:duck 2539 expectation: true 2540 listObjectsAssertions: 2541 - request: 2542 user: user:aardvark 2543 type: document 2544 relation: viewer 2545 expectation: 2546 - request: 2547 user: user:badger 2548 type: document 2549 relation: viewer 2550 expectation: 2551 - document:2 2552 - request: 2553 user: user:cheetah 2554 type: document 2555 relation: viewer 2556 expectation: 2557 - document:3 2558 - request: 2559 user: user:duck 2560 type: document 2561 relation: viewer 2562 expectation: 2563 - document:4 2564 listUsersAssertions: 2565 - request: 2566 filters: 2567 - user 2568 object: document:2 2569 relation: viewer 2570 expectation: 2571 - user:badger 2572 - request: 2573 filters: 2574 - user 2575 object: document:3 2576 relation: viewer 2577 expectation: 2578 - user:cheetah 2579 - request: 2580 filters: 2581 - user 2582 object: document:4 2583 relation: viewer 2584 expectation: 2585 - user:duck 2586 - name: exclusion_and_exclusion_in_base 2587 stages: 2588 - model: | 2589 model 2590 schema 1.1 2591 type user 2592 2593 type document 2594 relations 2595 define writer: [user] 2596 define editor: [user] 2597 define owner: [user] 2598 define viewer: (writer but not editor) but not owner 2599 tuples: 2600 - object: document:1 2601 relation: writer 2602 user: user:aardvark 2603 - object: document:1 2604 relation: editor 2605 user: user:aardvark 2606 - object: document:2 2607 relation: writer 2608 user: user:badger 2609 - object: document:2 2610 relation: owner 2611 user: user:badger 2612 - object: document:3 2613 relation: writer 2614 user: user:cheetah 2615 checkAssertions: 2616 - tuple: 2617 object: document:1 2618 relation: viewer 2619 user: user:aardvark 2620 expectation: false 2621 - tuple: 2622 object: document:2 2623 relation: viewer 2624 user: user:badger 2625 expectation: false 2626 - tuple: 2627 object: document:3 2628 relation: viewer 2629 user: user:cheetah 2630 expectation: true 2631 listObjectsAssertions: 2632 - request: 2633 user: user:aardvark 2634 type: document 2635 relation: viewer 2636 expectation: 2637 - request: 2638 user: user:badger 2639 type: document 2640 relation: viewer 2641 expectation: 2642 - request: 2643 user: user:cheetah 2644 type: document 2645 relation: viewer 2646 expectation: 2647 - document:3 2648 listUsersAssertions: 2649 - request: 2650 filters: 2651 - user 2652 object: document:1 2653 relation: viewer 2654 expectation: 2655 - request: 2656 filters: 2657 - user 2658 object: document:2 2659 relation: viewer 2660 expectation: 2661 - request: 2662 filters: 2663 - user 2664 object: document:3 2665 relation: viewer 2666 expectation: 2667 - user:cheetah 2668 - name: exclusion_and_exclusion_in_subtract 2669 stages: 2670 - model: | 2671 model 2672 schema 1.1 2673 type user 2674 2675 type document 2676 relations 2677 define writer: [user] 2678 define editor: [user] 2679 define owner: [user] 2680 define viewer: writer but not (editor but not owner) 2681 tuples: 2682 - object: document:1 2683 relation: writer 2684 user: user:aardvark 2685 - object: document:1 2686 relation: editor 2687 user: user:aardvark 2688 - object: document:1 2689 relation: owner 2690 user: user:aardvark 2691 - object: document:2 2692 relation: writer 2693 user: user:badger 2694 - object: document:2 2695 relation: editor 2696 user: user:badger 2697 - object: document:3 2698 relation: writer 2699 user: user:cheetah 2700 - object: document:3 2701 relation: owner 2702 user: user:cheetah 2703 checkAssertions: 2704 - tuple: 2705 object: document:1 2706 relation: viewer 2707 user: user:aardvark 2708 expectation: true 2709 - tuple: 2710 object: document:2 2711 relation: viewer 2712 user: user:badger 2713 expectation: false 2714 - tuple: 2715 object: document:3 2716 relation: viewer 2717 user: user:cheetah 2718 expectation: true 2719 listObjectsAssertions: 2720 - request: 2721 user: user:aardvark 2722 type: document 2723 relation: viewer 2724 expectation: 2725 - document:1 2726 - request: 2727 user: user:badger 2728 type: document 2729 relation: viewer 2730 expectation: 2731 - request: 2732 user: user:cheetah 2733 type: document 2734 relation: viewer 2735 expectation: 2736 - document:3 2737 listUsersAssertions: 2738 - request: 2739 filters: 2740 - user 2741 object: document:1 2742 relation: viewer 2743 expectation: 2744 - user:aardvark 2745 - request: 2746 filters: 2747 - user 2748 object: document:2 2749 relation: viewer 2750 expectation: 2751 - request: 2752 filters: 2753 - user 2754 object: document:3 2755 relation: viewer 2756 expectation: 2757 - user:cheetah 2758 - name: exclusion_between_userset_and_type 2759 stages: 2760 - model: | 2761 model 2762 schema 1.1 2763 type user 2764 type group 2765 relations 2766 define member: [user, group#member] but not blocked 2767 define blocked: [user, group#member] 2768 tuples: 2769 - object: group:1 2770 relation: blocked 2771 user: group:1#member 2772 - object: group:1 2773 relation: member 2774 user: user:will 2775 checkAssertions: 2776 - tuple: 2777 object: group:1 2778 relation: member 2779 user: user:will 2780 expectation: false 2781 - tuple: 2782 object: group:1 2783 relation: blocked 2784 user: group:1#member 2785 expectation: true 2786 listObjectsAssertions: 2787 - request: 2788 user: user:will 2789 type: group 2790 relation: member 2791 expectation: 2792 - request: 2793 user: group:1#member 2794 type: group 2795 relation: blocked 2796 expectation: 2797 - group:1 2798 listUsersAssertions: 2799 - request: 2800 filters: 2801 - user 2802 object: group:1 2803 relation: member 2804 expectation: 2805 - request: 2806 filters: 2807 - group#member 2808 object: group:1 2809 relation: blocked 2810 expectation: 2811 - group:1#member 2812 - name: userset_as_user 2813 stages: 2814 - model: | 2815 model 2816 schema 1.1 2817 type user 2818 2819 type group 2820 relations 2821 define member: [user] 2822 2823 type document 2824 relations 2825 define viewer: [group#member] 2826 tuples: 2827 - object: document:1 2828 relation: viewer 2829 user: group:x#member 2830 - object: group:x 2831 relation: member 2832 user: user:aardvark 2833 checkAssertions: 2834 - tuple: 2835 object: document:1 2836 relation: viewer 2837 user: group:x#member 2838 expectation: true 2839 - tuple: 2840 object: document:1 2841 relation: viewer 2842 user: user:aardvark 2843 expectation: true 2844 listObjectsAssertions: 2845 - request: 2846 user: group:x#member 2847 type: document 2848 relation: viewer 2849 expectation: 2850 - document:1 2851 - request: 2852 user: user:aardvark 2853 type: document 2854 relation: viewer 2855 expectation: 2856 - document:1 2857 listUsersAssertions: 2858 - request: 2859 filters: 2860 - user 2861 object: document:1 2862 relation: viewer 2863 expectation: 2864 - user:aardvark 2865 - request: 2866 filters: 2867 - group#member 2868 object: document:1 2869 relation: viewer 2870 expectation: 2871 - group:x#member 2872 - name: wildcard_direct 2873 stages: 2874 - model: | 2875 model 2876 schema 1.1 2877 type user 2878 2879 type document 2880 relations 2881 define viewer: [user, user:*] 2882 tuples: 2883 - object: document:public 2884 relation: viewer 2885 user: user:* 2886 - object: document:public 2887 relation: viewer 2888 user: user:jon 2889 checkAssertions: 2890 - tuple: 2891 object: document:public 2892 relation: viewer 2893 user: user:aardvark 2894 expectation: true 2895 - tuple: 2896 object: document:public 2897 relation: viewer 2898 user: user:* 2899 expectation: true 2900 listObjectsAssertions: 2901 - request: 2902 user: user:aardvark 2903 type: document 2904 relation: viewer 2905 expectation: 2906 - document:public 2907 - request: 2908 user: user:* 2909 type: document 2910 relation: viewer 2911 expectation: 2912 - document:public 2913 listUsersAssertions: 2914 - request: 2915 filters: 2916 - user 2917 object: document:public 2918 relation: viewer 2919 expectation: 2920 - user:* 2921 - user:jon 2922 - name: prior_type_restrictions_ignored 2923 stages: 2924 - model: | 2925 model 2926 schema 1.1 2927 type user 2928 2929 type document 2930 relations 2931 define viewer: [user] 2932 tuples: 2933 - object: document:1 2934 relation: viewer 2935 user: user:jon 2936 checkAssertions: 2937 - tuple: 2938 object: document:1 2939 relation: viewer 2940 user: user:jon 2941 expectation: true 2942 listObjectsAssertions: 2943 - request: 2944 user: user:jon 2945 type: document 2946 relation: viewer 2947 expectation: 2948 - document:1 2949 listUsersAssertions: 2950 - request: 2951 filters: 2952 - user 2953 object: document:1 2954 relation: viewer 2955 expectation: 2956 - user:jon 2957 - model: | 2958 model 2959 schema 1.1 2960 type user 2961 type employee 2962 2963 type document 2964 relations 2965 define viewer: [employee] 2966 checkAssertions: 2967 - tuple: 2968 object: document:1 2969 relation: viewer 2970 user: user:jon 2971 expectation: false 2972 listObjectsAssertions: 2973 - request: 2974 user: user:jon 2975 type: document 2976 relation: viewer 2977 expectation: 2978 listUsersAssertions: 2979 - request: 2980 filters: 2981 - user 2982 object: document:1 2983 relation: viewer 2984 expectation: 2985 - name: prior_type_restrictions_ignored_with_wildcard 2986 stages: 2987 - model: | 2988 model 2989 schema 1.1 2990 type user 2991 type document 2992 relations 2993 define viewer: [user:*] 2994 tuples: 2995 - object: document:1 2996 relation: viewer 2997 user: user:* 2998 checkAssertions: 2999 - tuple: 3000 object: document:1 3001 relation: viewer 3002 user: user:jon 3003 expectation: true 3004 listObjectsAssertions: 3005 - request: 3006 user: user:jon 3007 type: document 3008 relation: viewer 3009 expectation: 3010 - document:1 3011 listUsersAssertions: 3012 - request: 3013 filters: 3014 - user 3015 object: document:1 3016 relation: viewer 3017 expectation: 3018 - user:* 3019 - model: | 3020 model 3021 schema 1.1 3022 type user 3023 type document 3024 relations 3025 define viewer: [user] 3026 checkAssertions: 3027 - tuple: 3028 object: document:1 3029 relation: viewer 3030 user: user:jon 3031 expectation: false 3032 listObjectsAssertions: 3033 - request: 3034 user: user:jon 3035 type: document 3036 relation: viewer 3037 expectation: 3038 listUsersAssertions: 3039 - request: 3040 filters: 3041 - user 3042 object: document:1 3043 relation: viewer 3044 expectation: 3045 3046 - name: wildcard_computed_userset 3047 stages: 3048 - model: | 3049 model 3050 schema 1.1 3051 type user 3052 type document 3053 relations 3054 define writer: [user:*] 3055 define viewer: [user] or writer 3056 tuples: 3057 - object: document:public 3058 relation: writer 3059 user: user:* 3060 - object: document:public 3061 relation: viewer 3062 user: user:jon 3063 checkAssertions: 3064 - tuple: 3065 object: document:public 3066 relation: viewer 3067 user: user:aardvark 3068 expectation: true 3069 listObjectsAssertions: 3070 - request: 3071 user: user:aardvark 3072 type: document 3073 relation: viewer 3074 expectation: 3075 - document:public 3076 listUsersAssertions: 3077 - request: 3078 filters: 3079 - user 3080 object: document:public 3081 relation: viewer 3082 expectation: 3083 - user:* 3084 - user:jon 3085 - request: 3086 filters: 3087 - user 3088 object: document:public 3089 relation: writer 3090 expectation: 3091 - user:* 3092 - request: 3093 filters: 3094 - user 3095 object: document:notfound 3096 relation: writer 3097 expectation: 3098 - name: check_with_invalid_tuple_in_store 3099 stages: 3100 - model: | 3101 model 3102 schema 1.1 3103 type user 3104 type folder 3105 relations 3106 define viewer: [user] 3107 3108 type document 3109 relations 3110 define parent: [folder] 3111 define viewer: [user] or viewer from parent 3112 tuples: 3113 - object: folder:x 3114 relation: viewer 3115 user: user:aardvark 3116 - object: document:1 3117 relation: parent 3118 user: folder:x 3119 checkAssertions: 3120 - tuple: 3121 object: document:1 3122 relation: viewer 3123 user: user:aardvark 3124 expectation: true 3125 listObjectsAssertions: 3126 - request: 3127 user: user:aardvark 3128 type: document 3129 relation: viewer 3130 expectation: 3131 - document:1 3132 listUsersAssertions: 3133 - request: 3134 filters: 3135 - user 3136 object: document:1 3137 relation: viewer 3138 expectation: 3139 - user:aardvark 3140 - model: | 3141 model 3142 schema 1.1 3143 type user 3144 type document 3145 relations 3146 define viewer: [user] 3147 checkAssertions: 3148 - tuple: 3149 object: document:1 3150 relation: viewer 3151 user: user:aardvark 3152 expectation: false 3153 listObjectsAssertions: 3154 - request: 3155 user: user:aardvark 3156 type: document 3157 relation: viewer 3158 expectation: 3159 listUsersAssertions: 3160 - request: 3161 filters: 3162 - user 3163 object: document:1 3164 relation: viewer 3165 expectation: 3166 - name: this_with_contextual_tuples 3167 stages: 3168 - model: | 3169 model 3170 schema 1.1 3171 type user 3172 3173 type document 3174 relations 3175 define viewer: [user] 3176 tuples: 3177 - object: document:1 3178 relation: viewer 3179 user: user:aardvark 3180 checkAssertions: 3181 - tuple: 3182 object: document:1 3183 relation: viewer 3184 user: user:aardvark 3185 expectation: true 3186 listObjectsAssertions: 3187 - request: 3188 user: user:aardvark 3189 type: document 3190 relation: viewer 3191 expectation: 3192 - document:1 3193 listUsersAssertions: 3194 - request: 3195 filters: 3196 - user 3197 object: document:1 3198 relation: viewer 3199 expectation: 3200 - user:aardvark 3201 - name: wildcard_and_userset_restriction 3202 stages: 3203 - model: | 3204 model 3205 schema 1.1 3206 type user 3207 type user2 3208 type group 3209 relations 3210 define member: [user2] 3211 type document 3212 relations 3213 define viewer: [user:*, group#member] 3214 tuples: 3215 - object: document:public 3216 relation: viewer 3217 user: user:* 3218 - object: document:public 3219 relation: viewer 3220 user: group:fga#member 3221 - object: group:fga 3222 relation: member 3223 user: user2:bob 3224 checkAssertions: 3225 - tuple: 3226 object: document:public 3227 relation: viewer 3228 user: user2:bob 3229 expectation: true 3230 listObjectsAssertions: 3231 - request: 3232 user: user2:bob 3233 type: document 3234 relation: viewer 3235 expectation: 3236 - document:public 3237 listUsersAssertions: 3238 - request: 3239 filters: 3240 - user 3241 object: document:public 3242 relation: viewer 3243 expectation: 3244 - user:* 3245 - request: 3246 filters: 3247 - user2 3248 object: document:public 3249 relation: viewer 3250 expectation: 3251 - user2:bob 3252 - request: 3253 filters: 3254 - group#member 3255 object: document:public 3256 relation: viewer 3257 expectation: 3258 - group:fga#member 3259 - name: wildcard_obeys_the_types_in_stages 3260 stages: 3261 - model: | 3262 model 3263 schema 1.1 3264 type user 3265 3266 type employee 3267 3268 type document 3269 relations 3270 define writer: [employee:*] 3271 define viewer: [user] or writer 3272 tuples: 3273 - object: document:1 3274 relation: writer 3275 user: employee:* 3276 checkAssertions: 3277 - tuple: 3278 object: document:1 3279 relation: viewer 3280 user: user:aardvark 3281 expectation: false 3282 - tuple: 3283 object: document:1 3284 relation: viewer 3285 user: employee:badger 3286 expectation: true 3287 listObjectsAssertions: 3288 - request: 3289 user: user:aardvark 3290 type: document 3291 relation: viewer 3292 expectation: 3293 - request: 3294 user: employee:badger 3295 type: document 3296 relation: viewer 3297 expectation: 3298 - document:1 3299 listUsersAssertions: 3300 - request: 3301 filters: 3302 - user 3303 object: document:1 3304 relation: viewer 3305 expectation: 3306 - request: 3307 filters: 3308 - employee 3309 object: document:1 3310 relation: viewer 3311 expectation: 3312 - employee:* 3313 - request: 3314 filters: 3315 - employee 3316 object: document:1 3317 relation: writer 3318 expectation: 3319 - employee:* 3320 - model: | 3321 model 3322 schema 1.1 3323 type user 3324 3325 type employee 3326 type document 3327 relations 3328 define writer: [user:*] 3329 define viewer: [user] or writer 3330 checkAssertions: 3331 - tuple: 3332 object: document:1 3333 relation: viewer 3334 user: user:aardvark 3335 expectation: false 3336 - tuple: 3337 object: document:1 3338 relation: viewer 3339 user: employee:badger 3340 expectation: false 3341 listObjectsAssertions: 3342 - request: 3343 user: user:aardvark 3344 type: document 3345 relation: viewer 3346 expectation: 3347 - request: 3348 user: employee:badger 3349 type: document 3350 relation: viewer 3351 expectation: 3352 listUsersAssertions: 3353 - request: 3354 filters: 3355 - user 3356 object: document:1 3357 relation: viewer 3358 expectation: 3359 - request: 3360 filters: 3361 - employee 3362 object: document:1 3363 relation: viewer 3364 expectation: 3365 - request: 3366 filters: 3367 - employee 3368 object: document:1 3369 relation: writer 3370 expectation: 3371 - name: validation_relation_not_in_model 3372 stages: 3373 - model: | 3374 model 3375 schema 1.1 3376 type user 3377 checkAssertions: 3378 - tuple: 3379 object: user:aardvark 3380 relation: viewer 3381 user: user:badger 3382 errorCode: 2000 3383 listObjectsAssertions: 3384 - request: 3385 user: user:badger 3386 type: user 3387 relation: viewer 3388 errorCode: 2022 3389 listUsersAssertions: 3390 - request: 3391 filters: 3392 - user 3393 object: user:aardvark 3394 relation: viewer #non-existent relation on type user 3395 errorCode: 2022 # ErrorCode_validation_error 3396 3397 - name: validation_type_not_in_model 3398 stages: 3399 - model: | 3400 model 3401 schema 1.1 3402 type user 3403 type document 3404 relations 3405 define viewer: [user] 3406 listObjectsAssertions: 3407 - request: 3408 user: user:badger 3409 type: group #non-existent 3410 relation: viewer 3411 errorCode: 2021 3412 listUsersAssertions: 3413 - request: 3414 filters: 3415 - user 3416 object: group:fga #non-existent type 3417 relation: viewer 3418 errorCode: 2021 3419 3420 - name: validation_user_type_not_in_model 3421 stages: 3422 - model: | 3423 model 3424 schema 1.1 3425 type user 3426 type document 3427 relations 3428 define viewer: [user] 3429 checkAssertions: 3430 - tuple: 3431 object: document:1 3432 relation: viewer 3433 user: folder:x 3434 errorCode: 2000 3435 listObjectsAssertions: 3436 - request: 3437 user: folder:x 3438 type: document 3439 relation: viewer 3440 errorCode: 2000 3441 listUsersAssertions: 3442 - request: 3443 filters: 3444 - folder #non-existent type 3445 object: document:1 3446 relation: viewer 3447 errorCode: 2021 3448 3449 - name: validation_userset_type_not_in_model 3450 stages: 3451 - model: | 3452 model 3453 schema 1.1 3454 type user 3455 type document 3456 relations 3457 define viewer: [user] 3458 checkAssertions: 3459 - tuple: 3460 object: document:1 3461 relation: viewer 3462 user: folder:x#writer 3463 errorCode: 2000 3464 listObjectsAssertions: 3465 - request: 3466 user: folder:x#writer 3467 type: document 3468 relation: viewer 3469 errorCode: 2000 3470 listUsersAssertions: 3471 - request: 3472 filters: 3473 - folder#writer #non-existent type & relation 3474 object: document:1 3475 relation: viewer 3476 errorCode: 2021 3477 - name: validation_userset_relation_not_in_model 3478 stages: 3479 - model: | 3480 model 3481 schema 1.1 3482 type user 3483 type document 3484 relations 3485 define viewer: [user] 3486 checkAssertions: 3487 - tuple: 3488 object: document:1 3489 relation: viewer 3490 user: document:x#writer 3491 errorCode: 2000 3492 listObjectsAssertions: 3493 - request: 3494 user: document:x#writer 3495 type: document 3496 relation: viewer 3497 errorCode: 2000 3498 listUsersAssertions: 3499 - request: 3500 filters: 3501 - document#writer #non-existent relation 3502 object: document:1 3503 relation: viewer 3504 errorCode: 2022 # ErrorCode_validation_error 3505 - name: validation_user_invalid 3506 stages: 3507 - model: | 3508 model 3509 schema 1.1 3510 type user 3511 type document 3512 relations 3513 define viewer: [user] 3514 checkAssertions: 3515 - tuple: 3516 object: document:1 3517 relation: viewer 3518 user: a:b:c 3519 errorCode: 2000 3520 listObjectsAssertions: 3521 - request: 3522 user: a:b:c 3523 type: document 3524 relation: viewer 3525 errorCode: 2000 3526 3527 - name: validation_invalid_object_type_in_contextual_tuple 3528 stages: 3529 - model: | 3530 model 3531 schema 1.1 3532 type user 3533 type document 3534 relations 3535 define viewer: [user] 3536 checkAssertions: 3537 - tuple: 3538 object: document:1 3539 relation: viewer 3540 user: user:aardvark 3541 contextualTuples: 3542 - object: folder:x #invalid 3543 relation: viewer 3544 user: user:aardvark 3545 errorCode: 2027 3546 listObjectsAssertions: 3547 - request: 3548 user: user:aardvark 3549 type: document 3550 relation: viewer 3551 contextualTuples: 3552 - object: folder:x #invalid 3553 relation: viewer 3554 user: user:aardvark 3555 errorCode: 2027 3556 listUsersAssertions: 3557 - request: 3558 filters: 3559 - user 3560 object: document:1 3561 relation: viewer 3562 contextualTuples: 3563 - object: folder:x #invalid 3564 relation: viewer 3565 user: user:aardvark 3566 errorCode: 2027 # ErrorCode_invalid_tuple 3567 3568 - name: validation_invalid_relation_in_contextual_tuple 3569 stages: 3570 - model: | 3571 model 3572 schema 1.1 3573 type user 3574 type document 3575 relations 3576 define viewer: [user] 3577 checkAssertions: 3578 - tuple: 3579 object: document:1 3580 relation: viewer 3581 user: user:aardvark 3582 contextualTuples: 3583 - object: document:1 3584 relation: writer #invalid 3585 user: user:aardvark 3586 errorCode: 2027 3587 listObjectsAssertions: 3588 - request: 3589 user: user:aardvark 3590 type: document 3591 relation: viewer 3592 contextualTuples: 3593 - object: document:1 3594 relation: writer #invalid 3595 user: user:aardvark 3596 errorCode: 2027 3597 listUsersAssertions: 3598 - request: 3599 filters: 3600 - user 3601 object: document:1 3602 relation: viewer 3603 contextualTuples: 3604 - object: document:1 3605 relation: writer #invalid 3606 user: user:aardvark 3607 errorCode: 2027 # ErrorCode_invalid_tuple 3608 3609 - name: validation_invalid_user_in_contextual_tuple 3610 stages: 3611 - model: | 3612 model 3613 schema 1.1 3614 type user 3615 type document 3616 relations 3617 define viewer: [user] 3618 checkAssertions: 3619 - tuple: 3620 object: document:1 3621 relation: viewer 3622 user: user:aardvark 3623 contextualTuples: 3624 - object: document:1 3625 relation: viewer 3626 user: employee:aardvark #invalid 3627 errorCode: 2027 3628 listObjectsAssertions: 3629 - request: 3630 user: user:aardvark 3631 type: document 3632 relation: viewer 3633 contextualTuples: 3634 - object: document:1 3635 relation: viewer 3636 user: employee:aardvark #invalid 3637 errorCode: 2027 3638 listUsersAssertions: 3639 - request: 3640 filters: 3641 - user 3642 object: document:1 3643 relation: viewer 3644 contextualTuples: 3645 - object: document:1 3646 relation: viewer 3647 user: employee:aardvark #invalid 3648 errorCode: 2027 # ErrorCode_invalid_tuple 3649 - name: validation_invalid_userset_in_contextual_tuple 3650 stages: 3651 - model: | 3652 model 3653 schema 1.1 3654 type user 3655 type group 3656 relations 3657 define member: [user] 3658 type document 3659 relations 3660 define viewer: [user, group#member] 3661 checkAssertions: 3662 - tuple: 3663 object: document:1 3664 relation: viewer 3665 user: user:aardvark 3666 contextualTuples: 3667 - object: document:1 3668 relation: viewer 3669 user: group:fga#undefined #invalid 3670 errorCode: 2027 3671 listObjectsAssertions: 3672 - request: 3673 user: user:aardvark 3674 type: document 3675 relation: viewer 3676 contextualTuples: 3677 - object: document:1 3678 relation: viewer 3679 user: group:fga#undefined #invalid 3680 errorCode: 2027 3681 listUsersAssertions: 3682 - request: 3683 filters: 3684 - user 3685 object: document:1 3686 relation: viewer 3687 contextualTuples: 3688 - object: document:1 3689 relation: viewer 3690 user: group:fga#undefined #invalid 3691 errorCode: 2027 # ErrorCode_invalid_tuple 3692 - name: validation_invalid_wildcard_in_contextual_tuple 3693 stages: 3694 - model: | 3695 model 3696 schema 1.1 3697 type user 3698 type document 3699 relations 3700 define viewer: [user] 3701 checkAssertions: 3702 - tuple: 3703 object: document:1 3704 relation: viewer 3705 user: user:aardvark 3706 contextualTuples: 3707 - object: document:1 3708 relation: viewer 3709 user: user:* #invalid 3710 errorCode: 2027 3711 listObjectsAssertions: 3712 - request: 3713 user: user:aardvark 3714 type: document 3715 relation: viewer 3716 contextualTuples: 3717 - object: document:1 3718 relation: viewer 3719 user: user:* #invalid 3720 errorCode: 2027 3721 listUsersAssertions: 3722 - request: 3723 filters: 3724 - user 3725 object: document:1 3726 relation: viewer 3727 contextualTuples: 3728 - object: document:1 3729 relation: viewer 3730 user: user:* #invalid 3731 errorCode: 2027 # ErrorCode_invalid_tuple 3732 - name: val_contextual_tuples_and_wildcard_in_ttu_evaluation 3733 stages: 3734 - model: | 3735 model 3736 schema 1.1 3737 type user 3738 type folder 3739 relations 3740 define viewer: [user] 3741 type document 3742 relations 3743 define parent: [folder] 3744 define viewer: viewer from parent 3745 checkAssertions: 3746 - tuple: 3747 object: document:1 3748 relation: viewer 3749 user: user:aardvark 3750 contextualTuples: 3751 - object: document:1 3752 relation: parent 3753 user: user:* #invalid 3754 errorCode: 2027 3755 listObjectsAssertions: 3756 - request: 3757 user: user:aardvark 3758 type: document 3759 relation: viewer 3760 contextualTuples: 3761 - object: document:1 3762 relation: parent 3763 user: user:* #invalid 3764 errorCode: 2027 3765 listUsersAssertions: 3766 - request: 3767 filters: 3768 - user 3769 object: document:1 3770 relation: viewer 3771 contextualTuples: 3772 - object: document:1 3773 relation: parent 3774 user: user:* #invalid 3775 errorCode: 2027 # ErrorCode_invalid_tuple 3776 - name: list_objects_considers_input_contextual_tuples 3777 stages: 3778 - model: | #concurrent checks 3779 model 3780 schema 1.1 3781 type user 3782 type repo 3783 relations 3784 define blocked: [user] 3785 define owner: [user] but not blocked 3786 tuples: 3787 - user: user:a 3788 relation: owner 3789 object: repo:1 3790 listObjectsAssertions: 3791 - contextualTuples: 3792 - user: user:a 3793 relation: owner 3794 object: repo:2 3795 - user: user:a 3796 relation: owner 3797 object: repo:3 3798 request: 3799 user: user:a 3800 type: repo 3801 relation: owner 3802 expectation: 3803 - repo:1 3804 - repo:2 3805 - repo:3 3806 listUsersAssertions: 3807 - request: 3808 filters: 3809 - user 3810 object: repo:2 3811 relation: owner 3812 contextualTuples: 3813 - user: user:a 3814 relation: owner 3815 object: repo:2 3816 expectation: 3817 - user:a 3818 - request: 3819 filters: 3820 - user 3821 object: repo:1 3822 relation: owner 3823 contextualTuples: 3824 - user: user:a 3825 relation: blocked 3826 object: repo:1 3827 expectation: 3828 - model: | #reverse expansion 3829 model 3830 schema 1.1 3831 type user 3832 type repo 3833 relations 3834 define owner: [user] 3835 listObjectsAssertions: 3836 - contextualTuples: 3837 - user: user:a 3838 relation: owner 3839 object: repo:2 3840 - user: user:a 3841 relation: owner 3842 object: repo:3 3843 request: 3844 user: user:a 3845 type: repo 3846 relation: owner 3847 expectation: 3848 - repo:1 3849 - repo:2 3850 - repo:3 3851 listUsersAssertions: 3852 - request: 3853 filters: 3854 - user 3855 object: repo:1 3856 relation: owner 3857 contextualTuples: 3858 - user: user:aardvark 3859 relation: owner 3860 object: repo:1 3861 expectation: 3862 - user:a 3863 - user:aardvark 3864 - name: ignores_irrelevant_contextual_tuples_because_different_user 3865 stages: 3866 - model: | #concurrent checks 3867 model 3868 schema 1.1 3869 type user 3870 type repo 3871 relations 3872 define blocked: [user] 3873 define owner: [user] but not blocked 3874 tuples: 3875 - user: user:a 3876 relation: owner 3877 object: repo:1 3878 listObjectsAssertions: 3879 - contextualTuples: 3880 - user: user:b #different user 3881 relation: owner 3882 object: repo:2 3883 request: 3884 user: user:a 3885 type: repo 3886 relation: owner 3887 expectation: 3888 - repo:1 3889 listUsersAssertions: 3890 - request: 3891 filters: 3892 - user 3893 object: repo:1 3894 relation: owner 3895 contextualTuples: 3896 - user: user:a 3897 relation: owner 3898 object: repo:2 #different repo 3899 expectation: 3900 - user:a 3901 - model: | #reverse expansion 3902 model 3903 schema 1.1 3904 type user 3905 type team 3906 relations 3907 define member: [user] 3908 type repo 3909 relations 3910 define owner: [user, team#member] 3911 listObjectsAssertions: 3912 - contextualTuples: 3913 - user: user:b #different user 3914 relation: owner 3915 object: repo:2 3916 request: 3917 user: user:a 3918 type: repo 3919 relation: owner 3920 expectation: 3921 - repo:1 3922 - name: ignores_irrelevant_contextual_tuples_because_different_type 3923 stages: 3924 - model: | #concurrent checks 3925 model 3926 schema 1.1 3927 type user 3928 type repo 3929 relations 3930 define blocked: [user] 3931 define owner: [user] but not blocked 3932 type organization 3933 relations 3934 define blocked: [user] 3935 define owner: [user] but not blocked 3936 tuples: 3937 - user: user:a 3938 relation: owner 3939 object: repo:1 3940 listObjectsAssertions: 3941 - contextualTuples: 3942 - user: user:a 3943 relation: owner 3944 object: organization:1 #different type, should be ignored 3945 request: 3946 user: user:a 3947 type: repo 3948 relation: owner 3949 expectation: 3950 - repo:1 3951 listUsersAssertions: 3952 - request: 3953 filters: 3954 - user 3955 object: repo:1 3956 relation: owner 3957 contextualTuples: 3958 - user: user:a 3959 relation: owner 3960 object: organization:1 #different type, should be ignored 3961 expectation: 3962 - user:a 3963 - model: | #reverse expansion 3964 model 3965 schema 1.1 3966 type user 3967 type repo 3968 relations 3969 define owner: [user] 3970 type organization 3971 relations 3972 define owner: [user] 3973 listObjectsAssertions: 3974 - contextualTuples: 3975 - user: user:a 3976 relation: owner 3977 object: organization:1 #different type, should be ignored 3978 request: 3979 user: user:a 3980 type: repo 3981 relation: owner 3982 expectation: 3983 - repo:1 3984 listUsersAssertions: 3985 - request: 3986 filters: 3987 - user 3988 object: repo:1 3989 relation: owner 3990 contextualTuples: 3991 - user: user:a 3992 relation: owner 3993 object: organization:1 #different type than filter, should be ignored 3994 expectation: 3995 - user:a 3996 - name: list_objects_ignores_irrelevant_tuples_because_different_user 3997 stages: 3998 - model: | # concurrent checks 3999 model 4000 schema 1.1 4001 type user 4002 type repo 4003 relations 4004 define blocked: [user] 4005 define owner: [user] but not blocked 4006 tuples: 4007 - user: user:a 4008 relation: owner 4009 object: repo:1 4010 - user: user:aa #same prefix, but different user 4011 relation: owner 4012 object: repo:2 4013 listObjectsAssertions: 4014 - request: 4015 user: user:a 4016 type: repo 4017 relation: owner 4018 expectation: 4019 - repo:1 4020 listUsersAssertions: 4021 - request: 4022 filters: 4023 - user 4024 object: repo:1 4025 relation: owner 4026 expectation: 4027 - user:a 4028 - request: 4029 filters: 4030 - user 4031 object: repo:2 4032 relation: owner 4033 expectation: 4034 - user:aa 4035 - model: | #reverse expansion 4036 model 4037 schema 1.1 4038 type user 4039 type repo 4040 relations 4041 define owner: [user] 4042 listObjectsAssertions: 4043 - request: 4044 user: user:a 4045 type: repo 4046 relation: owner 4047 expectation: 4048 - repo:1 4049 listUsersAssertions: 4050 - request: 4051 filters: 4052 - user 4053 object: repo:1 4054 relation: owner 4055 expectation: 4056 - user:a 4057 - name: list_objects_ignores_duplicate_contextual_tuples 4058 stages: 4059 - model: | # concurrent checks 4060 model 4061 schema 1.1 4062 type user 4063 type repo 4064 relations 4065 define blocked: [user] 4066 define owner: [user] but not blocked 4067 tuples: 4068 - user: user:a 4069 relation: owner 4070 object: repo:1 4071 listObjectsAssertions: 4072 - contextualTuples: 4073 - user: user:a 4074 relation: owner 4075 object: repo:2 4076 - user: user:a #same as above 4077 relation: owner 4078 object: repo:2 4079 request: 4080 user: user:a 4081 type: repo 4082 relation: owner 4083 expectation: 4084 - repo:1 4085 - repo:2 4086 listUsersAssertions: 4087 - request: 4088 filters: 4089 - user 4090 object: repo:2 4091 relation: owner 4092 contextualTuples: 4093 - user: user:a 4094 relation: owner 4095 object: repo:2 4096 - user: user:a #same as above 4097 relation: owner 4098 object: repo:2 4099 expectation: 4100 - user:a 4101 - model: | # reverse expansion 4102 model 4103 schema 1.1 4104 type user 4105 type repo 4106 relations 4107 define owner: [user] 4108 listObjectsAssertions: 4109 - contextualTuples: 4110 - user: user:a 4111 relation: owner 4112 object: repo:2 4113 - user: user:a # same as above 4114 relation: owner 4115 object: repo:2 4116 request: 4117 user: user:a 4118 type: repo 4119 relation: owner 4120 expectation: 4121 - repo:1 4122 - repo:2 4123 listUsersAssertions: 4124 - request: 4125 filters: 4126 - user 4127 object: repo:2 4128 relation: owner 4129 contextualTuples: 4130 - user: user:a 4131 relation: owner 4132 object: repo:2 4133 - user: user:a # same as above 4134 relation: owner 4135 object: repo:2 4136 expectation: 4137 - user:a 4138 - name: error_if_contextual_tuples_do_not_follow_type_restrictions 4139 stages: 4140 - model: | # concurrent checks 4141 model 4142 schema 1.1 4143 type user 4144 type repo 4145 relations 4146 define blocked: [user] 4147 define owner: [user] but not blocked 4148 type organization 4149 relations 4150 define blocked: [user] 4151 define owner: [user] but not blocked 4152 tuples: 4153 - user: user:a 4154 relation: owner 4155 object: repo:1 4156 listObjectsAssertions: 4157 - contextualTuples: 4158 - user: user:* #not allowed 4159 relation: owner 4160 object: organization:1 4161 request: 4162 user: user:a 4163 type: repo 4164 relation: owner 4165 errorCode: 2027 4166 listUsersAssertions: 4167 - request: 4168 filters: 4169 - user 4170 object: repo:1 4171 relation: owner 4172 contextualTuples: 4173 - user: user:* #not allowed 4174 relation: owner 4175 object: organization:1 4176 errorCode: 2027 # ErrorCode_invalid_tuple 4177 - model: | # reverse expansion 4178 model 4179 schema 1.1 4180 type user 4181 type repo 4182 relations 4183 define owner: [user] 4184 type organization 4185 relations 4186 define owner: [user] 4187 listObjectsAssertions: 4188 - contextualTuples: 4189 - user: user:* #not allowed 4190 relation: owner 4191 object: organization:1 4192 request: 4193 user: user:a 4194 type: repo 4195 relation: owner 4196 errorCode: 2027 4197 listUsersAssertions: 4198 - request: 4199 filters: 4200 - user 4201 object: repo:1 4202 relation: owner 4203 contextualTuples: 4204 - user: user:* #not allowed 4205 relation: owner 4206 object: organization:1 4207 errorCode: 2027 # ErrorCode_invalid_tuple 4208 - name: list_objects_error_if_unknown_type_in_request 4209 stages: 4210 - model: | # concurrent checks 4211 model 4212 schema 1.1 4213 type user 4214 type repo 4215 relations 4216 define blocked: [user] 4217 define owner: [user] but not blocked 4218 listObjectsAssertions: 4219 - request: 4220 user: user:a 4221 type: unknown 4222 relation: owner 4223 errorCode: 2021 # type 'unknown' not found 4224 - model: | # reverse expansion 4225 model 4226 schema 1.1 4227 type user 4228 type repo 4229 relations 4230 define owner: [user] 4231 listObjectsAssertions: 4232 - request: 4233 user: user:a 4234 type: unknown 4235 relation: owner 4236 errorCode: 2021 # type 'unknown' not found 4237 - name: list_objects_error_if_unknown_relation_in_request 4238 stages: 4239 - model: | # concurrent checks 4240 model 4241 schema 1.1 4242 type user 4243 type repo 4244 relations 4245 define blocked: [user] 4246 define owner: [user] but not blocked 4247 listObjectsAssertions: 4248 - request: 4249 user: user:a 4250 type: repo 4251 relation: unknown 4252 errorCode: 2022 # relation 'unknown' not found 4253 - model: | # reverse expansion 4254 model 4255 schema 1.1 4256 type user 4257 type repo 4258 relations 4259 define owner: [user] 4260 listObjectsAssertions: 4261 - request: 4262 user: user:a 4263 type: repo 4264 relation: unknown 4265 errorCode: 2022 # relation 'unknown' not found 4266 - name: relations_not_defined_in_some_child_type 4267 stages: 4268 - model: | 4269 model 4270 schema 1.1 4271 type user 4272 type folder 4273 relations 4274 define owner: [user] 4275 define writer: [user,user:*] or owner 4276 type document 4277 relations 4278 define can_read: writer from parent 4279 define parent: [document,folder] 4280 define viewer: [user,user:*] 4281 tuples: 4282 - user: user:anne 4283 relation: owner 4284 object: folder:a 4285 - user: folder:a 4286 relation: parent 4287 object: document:c 4288 - user: document:c 4289 relation: parent 4290 object: document:d 4291 checkAssertions: 4292 - tuple: 4293 user: user:anne 4294 relation: can_read 4295 object: document:c 4296 expectation: true 4297 listObjectsAssertions: 4298 - request: 4299 user: user:anne 4300 type: document 4301 relation: can_read 4302 expectation: 4303 - document:c 4304 listUsersAssertions: 4305 - request: 4306 filters: 4307 - user 4308 object: document:c 4309 relation: can_read 4310 expectation: 4311 - user:anne 4312 4313 # https://github.com/openfga/openfga/issues/576 4314 - name: same_relation_name_different_type 4315 stages: 4316 - model: | 4317 model 4318 schema 1.1 4319 type user 4320 type folder 4321 relations 4322 define owner: [user] 4323 define viewer: [user, user:*] or owner 4324 type document 4325 relations 4326 define can_read: viewer from parent 4327 define parent: [document, folder] 4328 define viewer: [user, user:*] 4329 tuples: 4330 - user: user:anne 4331 relation: owner 4332 object: folder:a 4333 - user: folder:a 4334 relation: parent 4335 object: document:c 4336 - user: document:c 4337 relation: parent 4338 object: document:d 4339 checkAssertions: 4340 - tuple: 4341 user: user:anne 4342 relation: can_read 4343 object: document:c 4344 expectation: true 4345 - tuple: 4346 user: user:anne 4347 relation: can_read 4348 object: document:d 4349 expectation: false 4350 listObjectsAssertions: 4351 - request: 4352 user: user:anne 4353 type: document 4354 relation: can_read 4355 expectation: 4356 #document:d is not expected 4357 - document:c 4358 listUsersAssertions: 4359 - request: 4360 filters: 4361 - user 4362 object: document:c 4363 relation: can_read 4364 expectation: 4365 - user:anne 4366 - name: computed_user_indirect_ref 4367 stages: 4368 - model: | 4369 model 4370 schema 1.1 4371 type user 4372 type folder 4373 relations 4374 define parent: [folder] 4375 define viewer: [user] or viewer from parent 4376 define can_view: viewer 4377 type document 4378 relations 4379 define can_read: can_view from parent 4380 define parent: [document, folder] 4381 define viewer: [user] 4382 tuples: 4383 - user: user:anne 4384 relation: viewer 4385 object: folder:a 4386 - user: folder:a 4387 relation: parent 4388 object: folder:b 4389 - user: folder:b 4390 relation: parent 4391 object: document:c 4392 - user: document:c 4393 relation: parent 4394 object: document:d 4395 checkAssertions: 4396 - tuple: 4397 user: user:anne 4398 relation: can_view 4399 object: folder:a 4400 expectation: true 4401 - tuple: 4402 user: user:anne 4403 relation: can_view 4404 object: folder:b 4405 expectation: true 4406 - tuple: 4407 user: user:anne 4408 relation: can_read 4409 object: document:c 4410 expectation: true 4411 - tuple: 4412 user: user:anne 4413 relation: can_read 4414 object: document:d 4415 expectation: false 4416 listObjectsAssertions: 4417 - request: 4418 user: user:anne 4419 type: folder 4420 relation: can_view 4421 expectation: 4422 - folder:a 4423 - folder:b 4424 - request: 4425 user: user:anne 4426 type: document 4427 relation: can_read 4428 expectation: 4429 - document:c 4430 listUsersAssertions: 4431 - request: 4432 filters: 4433 - user 4434 object: document:c 4435 relation: can_read 4436 expectation: 4437 - user:anne 4438 - request: 4439 filters: 4440 - user 4441 object: folder:a 4442 relation: can_view 4443 expectation: 4444 - user:anne 4445 - request: 4446 filters: 4447 - user 4448 object: folder:b 4449 relation: can_view 4450 expectation: 4451 - user:anne 4452 - name: computed_user_indirect_ref_extra_indirection 4453 stages: 4454 - model: | 4455 model 4456 schema 1.1 4457 type user 4458 type folder 4459 relations 4460 define owner: [user] or owner from parent 4461 define parent: [folder] 4462 define viewer: [user] or owner or viewer from parent 4463 define can_view: viewer 4464 type document 4465 relations 4466 define can_read: can_view from parent 4467 define parent: [document, folder] 4468 define viewer: [user, user:*] 4469 tuples: 4470 - user: user:anne 4471 relation: owner 4472 object: folder:a 4473 - user: folder:a 4474 relation: parent 4475 object: folder:b 4476 - user: folder:b 4477 relation: parent 4478 object: document:c 4479 - user: document:c 4480 relation: parent 4481 object: document:d 4482 checkAssertions: 4483 - tuple: 4484 user: user:anne 4485 relation: can_view 4486 object: folder:a 4487 expectation: true 4488 - tuple: 4489 user: user:anne 4490 relation: can_view 4491 object: folder:b 4492 expectation: true 4493 - tuple: 4494 user: user:anne 4495 relation: can_read 4496 object: document:c 4497 expectation: true 4498 - tuple: 4499 user: user:anne 4500 relation: can_read 4501 object: document:d 4502 expectation: false 4503 listObjectsAssertions: 4504 - request: 4505 user: user:anne 4506 type: folder 4507 relation: can_view 4508 expectation: 4509 - folder:a 4510 - folder:b 4511 - request: 4512 user: user:anne 4513 type: document 4514 relation: can_read 4515 expectation: 4516 - document:c 4517 listUsersAssertions: 4518 - request: 4519 filters: 4520 - user 4521 object: document:c 4522 relation: can_read 4523 expectation: 4524 - user:anne 4525 - request: 4526 filters: 4527 - user 4528 object: folder:a 4529 relation: can_view 4530 expectation: 4531 - user:anne 4532 - request: 4533 filters: 4534 - user 4535 object: folder:b 4536 relation: can_view 4537 expectation: 4538 - user:anne 4539 - name: three_prong_relation 4540 stages: 4541 - model: | 4542 model 4543 schema 1.1 4544 type user 4545 type module 4546 relations 4547 define owner: [user] or owner from parent 4548 define parent: [document, module] 4549 define viewer: [user] or owner or viewer from parent 4550 type folder 4551 relations 4552 define owner: [user] or owner from parent 4553 define parent: [module, folder] 4554 define viewer: [user] or owner or viewer from parent 4555 type document 4556 relations 4557 define owner: [user] or owner from parent 4558 define parent: [folder, document] 4559 define viewer: [user] or owner or viewer from parent 4560 tuples: 4561 - user: user:anne 4562 relation: owner 4563 object: module:a 4564 - user: module:a 4565 relation: parent 4566 object: folder:a 4567 - user: folder:a 4568 relation: parent 4569 object: document:a 4570 - user: document:a 4571 relation: parent 4572 object: module:b 4573 - user: module:b 4574 relation: parent 4575 object: folder:b 4576 - user: folder:b 4577 relation: parent 4578 object: document:b 4579 checkAssertions: 4580 - tuple: 4581 user: user:anne 4582 relation: viewer 4583 object: module:a 4584 expectation: true 4585 - tuple: 4586 user: user:anne 4587 relation: viewer 4588 object: module:b 4589 expectation: true 4590 - tuple: 4591 user: user:anne 4592 relation: viewer 4593 object: folder:a 4594 expectation: true 4595 - tuple: 4596 user: user:anne 4597 relation: viewer 4598 object: folder:b 4599 expectation: true 4600 - tuple: 4601 user: user:anne 4602 relation: viewer 4603 object: document:a 4604 expectation: true 4605 - tuple: 4606 user: user:anne 4607 relation: viewer 4608 object: document:b 4609 expectation: true 4610 listObjectsAssertions: 4611 - request: 4612 user: user:anne 4613 type: folder 4614 relation: viewer 4615 expectation: 4616 - folder:a 4617 - folder:b 4618 - request: 4619 user: user:anne 4620 type: document 4621 relation: viewer 4622 expectation: 4623 - document:a 4624 - document:b 4625 - request: 4626 user: user:anne 4627 type: module 4628 relation: viewer 4629 expectation: 4630 - module:a 4631 - module:b 4632 listUsersAssertions: 4633 - request: 4634 filters: 4635 - user 4636 object: folder:a 4637 relation: viewer 4638 expectation: 4639 - user:anne 4640 - request: 4641 filters: 4642 - user 4643 object: folder:b 4644 relation: viewer 4645 expectation: 4646 - user:anne 4647 - request: 4648 filters: 4649 - user 4650 object: document:a 4651 relation: viewer 4652 expectation: 4653 - user:anne 4654 - request: 4655 filters: 4656 - user 4657 object: document:b 4658 relation: viewer 4659 expectation: 4660 - user:anne 4661 - request: 4662 filters: 4663 - user 4664 object: module:a 4665 relation: viewer 4666 expectation: 4667 - user:anne 4668 - request: 4669 filters: 4670 - user 4671 object: module:b 4672 relation: viewer 4673 expectation: 4674 - user:anne 4675 - name: three_prong_relation_loop 4676 stages: 4677 - model: | 4678 model 4679 schema 1.1 4680 type user 4681 type module 4682 relations 4683 define owner: [user] or owner from parent 4684 define parent: [document, module] 4685 define viewer: [user] or owner or viewer from parent 4686 type folder 4687 relations 4688 define owner: [user] or owner from parent 4689 define parent: [module, folder] 4690 define viewer: [user] or owner or viewer from parent 4691 type document 4692 relations 4693 define owner: [user] or owner from parent 4694 define parent: [folder, document] 4695 define viewer: [user] or owner or viewer from parent 4696 tuples: 4697 - user: user:anne 4698 relation: owner 4699 object: module:a 4700 - user: module:a 4701 relation: parent 4702 object: folder:a 4703 - user: folder:a 4704 relation: parent 4705 object: document:a 4706 - user: document:a 4707 relation: parent 4708 object: module:b 4709 - user: module:b 4710 relation: parent 4711 object: folder:b 4712 - user: folder:b 4713 relation: parent 4714 object: document:b 4715 - user: document:b 4716 relation: parent 4717 object: module:a 4718 checkAssertions: 4719 - tuple: 4720 user: user:anne 4721 relation: viewer 4722 object: module:a 4723 expectation: true 4724 - tuple: 4725 user: user:anne 4726 relation: viewer 4727 object: module:b 4728 expectation: true 4729 - tuple: 4730 user: user:anne 4731 relation: viewer 4732 object: folder:a 4733 expectation: true 4734 - tuple: 4735 user: user:anne 4736 relation: viewer 4737 object: folder:b 4738 expectation: true 4739 - tuple: 4740 user: user:anne 4741 relation: viewer 4742 object: document:a 4743 expectation: true 4744 - tuple: 4745 user: user:anne 4746 relation: viewer 4747 object: document:b 4748 expectation: true 4749 listObjectsAssertions: 4750 - request: 4751 user: user:anne 4752 type: folder 4753 relation: viewer 4754 expectation: 4755 - folder:a 4756 - folder:b 4757 - request: 4758 user: user:anne 4759 type: document 4760 relation: viewer 4761 expectation: 4762 - document:a 4763 - document:b 4764 - request: 4765 user: user:anne 4766 type: module 4767 relation: viewer 4768 expectation: 4769 - module:a 4770 - module:b 4771 listUsersAssertions: 4772 - request: 4773 filters: 4774 - user 4775 object: folder:a 4776 relation: viewer 4777 expectation: 4778 - user:anne 4779 - request: 4780 filters: 4781 - user 4782 object: folder:b 4783 relation: viewer 4784 expectation: 4785 - user:anne 4786 - request: 4787 filters: 4788 - user 4789 object: document:a 4790 relation: viewer 4791 expectation: 4792 - user:anne 4793 - request: 4794 filters: 4795 - user 4796 object: document:b 4797 relation: viewer 4798 expectation: 4799 - user:anne 4800 - request: 4801 filters: 4802 - user 4803 object: module:a 4804 relation: viewer 4805 expectation: 4806 - user:anne 4807 - request: 4808 filters: 4809 - user 4810 object: module:b 4811 relation: viewer 4812 expectation: 4813 - user:anne 4814 - name: three_prong_relation_possible_exclusion 4815 stages: 4816 - model: | 4817 model 4818 schema 1.1 4819 type user 4820 type module 4821 relations 4822 define owner: [user] or has_owned from parent 4823 define parent: [document, module] 4824 define has_owned: owner 4825 define viewer: [user] or has_owned or viewer from parent 4826 type folder 4827 relations 4828 define owner: [user] or has_owned from parent 4829 define parent: [module, folder] 4830 define has_owned: owner 4831 define viewer: [user] or has_owned or viewer from parent 4832 type document 4833 relations 4834 define banned: [user] 4835 define owner: [user] or has_owned from parent 4836 define has_owned: owner but not banned 4837 define parent: [folder, document] 4838 define viewer: [user] or has_owned or viewer from parent 4839 tuples: 4840 - user: user:anne 4841 relation: owner 4842 object: module:a 4843 - user: module:a 4844 relation: parent 4845 object: folder:a 4846 - user: folder:a 4847 relation: parent 4848 object: document:a 4849 - user: document:a 4850 relation: parent 4851 object: module:b 4852 - user: module:b 4853 relation: parent 4854 object: folder:b 4855 - user: folder:b 4856 relation: parent 4857 object: document:b 4858 checkAssertions: 4859 - tuple: 4860 user: user:anne 4861 relation: viewer 4862 object: module:a 4863 expectation: true 4864 - tuple: 4865 user: user:anne 4866 relation: viewer 4867 object: module:b 4868 expectation: true 4869 - tuple: 4870 user: user:anne 4871 relation: viewer 4872 object: folder:a 4873 expectation: true 4874 - tuple: 4875 user: user:anne 4876 relation: viewer 4877 object: folder:b 4878 expectation: true 4879 - tuple: 4880 user: user:anne 4881 relation: viewer 4882 object: document:a 4883 expectation: true 4884 - tuple: 4885 user: user:anne 4886 relation: viewer 4887 object: document:b 4888 expectation: true 4889 listObjectsAssertions: 4890 - request: 4891 user: user:anne 4892 type: folder 4893 relation: viewer 4894 expectation: 4895 - folder:a 4896 - folder:b 4897 - request: 4898 user: user:anne 4899 type: document 4900 relation: viewer 4901 expectation: 4902 - document:a 4903 - document:b 4904 - request: 4905 user: user:anne 4906 type: module 4907 relation: viewer 4908 expectation: 4909 - module:a 4910 - module:b 4911 listUsersAssertions: 4912 - request: 4913 filters: 4914 - user 4915 object: folder:a 4916 relation: viewer 4917 expectation: 4918 - user:anne 4919 - request: 4920 filters: 4921 - user 4922 object: folder:b 4923 relation: viewer 4924 expectation: 4925 - user:anne 4926 - request: 4927 filters: 4928 - user 4929 object: document:a 4930 relation: viewer 4931 expectation: 4932 - user:anne 4933 - request: 4934 filters: 4935 - user 4936 object: document:b 4937 relation: viewer 4938 expectation: 4939 - user:anne 4940 - request: 4941 filters: 4942 - user 4943 object: module:a 4944 relation: viewer 4945 expectation: 4946 - user:anne 4947 - request: 4948 filters: 4949 - user 4950 object: module:b 4951 relation: viewer 4952 expectation: 4953 - user:anne 4954 - name: computed_user_multi_route 4955 stages: 4956 - model: | 4957 model 4958 schema 1.1 4959 type user 4960 type folder 4961 relations 4962 define owner: [user] or owner from parent 4963 define can_modify: owner 4964 define parent: [folder] 4965 define viewer: [user] or can_modify or viewer from parent 4966 define can_view: viewer 4967 type document 4968 relations 4969 define can_read: can_view from parent or can_modify from parent 4970 define parent: [document, folder] 4971 define viewer: [user, user:*] 4972 tuples: 4973 - user: user:anne 4974 relation: owner 4975 object: folder:a 4976 - user: folder:a 4977 relation: parent 4978 object: folder:b 4979 - user: folder:b 4980 relation: parent 4981 object: document:c 4982 - user: document:c 4983 relation: parent 4984 object: document:d 4985 checkAssertions: 4986 - tuple: 4987 user: user:anne 4988 relation: can_view 4989 object: folder:a 4990 expectation: true 4991 - tuple: 4992 user: user:anne 4993 relation: can_view 4994 object: folder:b 4995 expectation: true 4996 - tuple: 4997 user: user:anne 4998 relation: can_read 4999 object: document:c 5000 expectation: true 5001 - tuple: 5002 user: user:anne 5003 relation: can_read 5004 object: document:d 5005 expectation: false 5006 listObjectsAssertions: 5007 - request: 5008 user: user:anne 5009 type: folder 5010 relation: can_view 5011 expectation: 5012 - folder:a 5013 - folder:b 5014 - request: 5015 user: user:anne 5016 type: document 5017 relation: can_read 5018 expectation: 5019 - document:c 5020 listUsersAssertions: 5021 - request: 5022 filters: 5023 - user 5024 object: folder:a 5025 relation: can_view 5026 expectation: 5027 - user:anne 5028 - request: 5029 filters: 5030 - user 5031 object: folder:b 5032 relation: can_view 5033 expectation: 5034 - user:anne 5035 - request: 5036 filters: 5037 - user 5038 object: document:c 5039 relation: can_read 5040 expectation: 5041 - user:anne 5042 - name: computed_user_indirect_ref_same_rel_name 5043 stages: 5044 - model: | 5045 model 5046 schema 1.1 5047 type user 5048 type folder 5049 relations 5050 define owner: [user] or owner from parent 5051 define parent: [folder] 5052 define viewer: [user] or owner or viewer from parent 5053 define can_view: viewer 5054 type document 5055 relations 5056 define can_view: can_view from parent 5057 define parent: [document, folder] 5058 define viewer: [user, user:*] 5059 tuples: 5060 - user: user:anne 5061 relation: owner 5062 object: folder:a 5063 - user: folder:a 5064 relation: parent 5065 object: folder:b 5066 - user: folder:b 5067 relation: parent 5068 object: document:c 5069 - user: document:c 5070 relation: parent 5071 object: document:d 5072 checkAssertions: 5073 - tuple: 5074 user: user:anne 5075 relation: can_view 5076 object: folder:a 5077 expectation: true 5078 - tuple: 5079 user: user:anne 5080 relation: can_view 5081 object: folder:b 5082 expectation: true 5083 - tuple: 5084 user: user:anne 5085 relation: can_view 5086 object: document:c 5087 expectation: true 5088 - tuple: 5089 user: user:anne 5090 relation: can_view 5091 object: document:d 5092 expectation: true 5093 listObjectsAssertions: 5094 - request: 5095 user: user:anne 5096 type: folder 5097 relation: can_view 5098 expectation: 5099 - folder:a 5100 - folder:b 5101 - request: 5102 user: user:anne 5103 type: document 5104 relation: can_view 5105 expectation: 5106 - document:c 5107 - document:d 5108 listUsersAssertions: 5109 - request: 5110 filters: 5111 - user 5112 object: folder:a 5113 relation: can_view 5114 expectation: 5115 - user:anne 5116 - request: 5117 filters: 5118 - user 5119 object: folder:b 5120 relation: can_view 5121 expectation: 5122 - user:anne 5123 - request: 5124 filters: 5125 - user 5126 object: document:c 5127 relation: can_view 5128 expectation: 5129 - user:anne 5130 - request: 5131 filters: 5132 - user 5133 object: document:d 5134 relation: can_view 5135 expectation: 5136 - user:anne 5137 - name: computed_user_indirect_ref_wildcard 5138 stages: 5139 - model: | 5140 model 5141 schema 1.1 5142 type user 5143 type folder 5144 relations 5145 define parent: [folder] 5146 define viewer: [user, user:*] or viewer from parent 5147 define can_view: viewer 5148 type document 5149 relations 5150 define can_read: can_view from parent 5151 define parent: [document, folder] 5152 define viewer: [user, user:*] 5153 tuples: 5154 - user: user:* 5155 relation: viewer 5156 object: folder:a 5157 - user: folder:a 5158 relation: parent 5159 object: folder:b 5160 - user: folder:b 5161 relation: parent 5162 object: document:c 5163 - user: document:c 5164 relation: parent 5165 object: document:d 5166 checkAssertions: 5167 - tuple: 5168 user: user:anne 5169 relation: can_view 5170 object: folder:a 5171 expectation: true 5172 - tuple: 5173 user: user:anne 5174 relation: can_view 5175 object: folder:b 5176 expectation: true 5177 - tuple: 5178 user: user:anne 5179 relation: can_read 5180 object: document:c 5181 expectation: true 5182 - tuple: 5183 user: user:anne 5184 relation: can_read 5185 object: document:d 5186 expectation: false 5187 listObjectsAssertions: 5188 - request: 5189 user: user:anne 5190 type: folder 5191 relation: can_view 5192 expectation: 5193 - folder:a 5194 - folder:b 5195 - request: 5196 user: user:anne 5197 type: document 5198 relation: can_read 5199 expectation: 5200 - document:c 5201 listUsersAssertions: 5202 - request: 5203 filters: 5204 - user 5205 object: folder:a 5206 relation: can_view 5207 expectation: 5208 - user:* 5209 - request: 5210 filters: 5211 - user 5212 object: folder:b 5213 relation: can_view 5214 expectation: 5215 - user:* 5216 - request: 5217 filters: 5218 - user 5219 object: document:c 5220 relation: can_read 5221 expectation: 5222 - user:* 5223 - name: computed_user_indirect_ref_extra_indirection_wildcard 5224 stages: 5225 - model: | 5226 model 5227 schema 1.1 5228 type user 5229 type folder 5230 relations 5231 define owner: [user, user:*] or owner from parent 5232 define parent: [folder] 5233 define viewer: [user, user:*] or owner or viewer from parent 5234 define can_view: viewer 5235 type document 5236 relations 5237 define can_read: can_view from parent 5238 define parent: [document, folder] 5239 define viewer: [user, user:*] 5240 tuples: 5241 - user: user:* 5242 relation: owner 5243 object: folder:a 5244 - user: folder:a 5245 relation: parent 5246 object: folder:b 5247 - user: folder:b 5248 relation: parent 5249 object: document:c 5250 - user: document:c 5251 relation: parent 5252 object: document:d 5253 checkAssertions: 5254 - tuple: 5255 user: user:anne 5256 relation: can_view 5257 object: folder:a 5258 expectation: true 5259 - tuple: 5260 user: user:anne 5261 relation: can_view 5262 object: folder:b 5263 expectation: true 5264 - tuple: 5265 user: user:anne 5266 relation: can_read 5267 object: document:c 5268 expectation: true 5269 - tuple: 5270 user: user:anne 5271 relation: can_read 5272 object: document:d 5273 expectation: false 5274 listObjectsAssertions: 5275 - request: 5276 user: user:anne 5277 type: folder 5278 relation: can_view 5279 expectation: 5280 - folder:a 5281 - folder:b 5282 - request: 5283 user: user:anne 5284 type: document 5285 relation: can_read 5286 expectation: 5287 - document:c 5288 listUsersAssertions: 5289 - request: 5290 filters: 5291 - user 5292 object: document:c 5293 relation: can_read 5294 expectation: 5295 - user:* 5296 - request: 5297 filters: 5298 - user 5299 object: folder:a 5300 relation: can_view 5301 expectation: 5302 - user:* 5303 - request: 5304 filters: 5305 - user 5306 object: folder:b 5307 relation: can_view 5308 expectation: 5309 - user:* 5310 - name: two_level_computed_user_indirect_ref 5311 stages: 5312 - model: | 5313 model 5314 schema 1.1 5315 type user 5316 type folder 5317 relations 5318 define parent: [folder] 5319 define viewer: [user] or viewer from parent 5320 define can_look: viewer 5321 define can_view: can_look 5322 5323 type document 5324 relations 5325 define can_read: can_view from parent 5326 define parent: [document, folder] 5327 define viewer: [user] 5328 tuples: 5329 - user: user:anne 5330 relation: viewer 5331 object: folder:a 5332 - user: folder:a 5333 relation: parent 5334 object: folder:b 5335 - user: folder:b 5336 relation: parent 5337 object: document:c 5338 - user: document:c 5339 relation: parent 5340 object: document:d 5341 checkAssertions: 5342 - tuple: 5343 user: user:anne 5344 relation: can_view 5345 object: folder:a 5346 expectation: true 5347 - tuple: 5348 user: user:anne 5349 relation: can_view 5350 object: folder:b 5351 expectation: true 5352 - tuple: 5353 user: user:anne 5354 relation: can_read 5355 object: document:c 5356 expectation: true 5357 - tuple: 5358 user: user:anne 5359 relation: can_read 5360 object: document:d 5361 expectation: false 5362 listObjectsAssertions: 5363 - request: 5364 user: user:anne 5365 type: folder 5366 relation: can_view 5367 expectation: 5368 - folder:a 5369 - folder:b 5370 - request: 5371 user: user:anne 5372 type: document 5373 relation: can_read 5374 expectation: 5375 - document:c 5376 listUsersAssertions: 5377 - request: 5378 filters: 5379 - user 5380 object: folder:a 5381 relation: can_view 5382 expectation: 5383 - user:anne 5384 - request: 5385 filters: 5386 - user 5387 object: folder:b 5388 relation: can_view 5389 expectation: 5390 - user:anne 5391 - request: 5392 filters: 5393 - user 5394 object: document:c 5395 relation: can_read 5396 expectation: 5397 - user:anne 5398 - name: ttu_and_computed_ttu 5399 stages: 5400 - model: | 5401 model 5402 schema 1.1 5403 type user 5404 type group 5405 relations 5406 define member: [user] 5407 type folder 5408 relations 5409 define can_view: viewer or can_view from parent 5410 define parent: [folder] 5411 define viewer: [group#member] 5412 type document 5413 relations 5414 define parent: [folder] 5415 define viewer: can_view from parent 5416 tuples: 5417 - user: user:anne 5418 relation: member 5419 object: group:fga 5420 - user: group:fga#member 5421 relation: viewer 5422 object: folder:a 5423 - user: folder:a 5424 relation: parent 5425 object: folder:b 5426 - user: folder:a 5427 relation: parent 5428 object: document:b 5429 checkAssertions: 5430 - tuple: 5431 user: user:anne 5432 relation: can_view 5433 object: folder:a 5434 expectation: true 5435 - tuple: 5436 user: user:anne 5437 relation: can_view 5438 object: folder:b 5439 expectation: true 5440 - tuple: 5441 user: user:anne 5442 relation: viewer 5443 object: document:b 5444 expectation: true 5445 listObjectsAssertions: 5446 - request: 5447 user: user:anne 5448 type: folder 5449 relation: can_view 5450 expectation: 5451 - folder:a 5452 - folder:b 5453 - request: 5454 user: user:anne 5455 type: document 5456 relation: viewer 5457 expectation: 5458 - document:b 5459 listUsersAssertions: 5460 - request: 5461 filters: 5462 - user 5463 object: folder:a 5464 relation: can_view 5465 expectation: 5466 - user:anne 5467 - request: 5468 filters: 5469 - user 5470 object: folder:b 5471 relation: can_view 5472 expectation: 5473 - user:anne 5474 - request: 5475 filters: 5476 - user 5477 object: document:b 5478 relation: viewer 5479 expectation: 5480 - user:anne 5481 - name: ttu_and_computed_ttu_wildcard 5482 stages: 5483 - model: | 5484 model 5485 schema 1.1 5486 type user 5487 type group 5488 relations 5489 define member: [user, user:*] 5490 type folder 5491 relations 5492 define can_view: viewer or can_view from parent 5493 define parent: [folder] 5494 define viewer: [group#member] 5495 type document 5496 relations 5497 define parent: [folder] 5498 define viewer: can_view from parent 5499 tuples: 5500 - user: user:* 5501 relation: member 5502 object: group:fga 5503 - user: group:fga#member 5504 relation: viewer 5505 object: folder:a 5506 - user: folder:a 5507 relation: parent 5508 object: folder:b 5509 - user: folder:a 5510 relation: parent 5511 object: document:b 5512 checkAssertions: 5513 - tuple: 5514 user: user:anne 5515 relation: can_view 5516 object: folder:a 5517 expectation: true 5518 - tuple: 5519 user: user:anne 5520 relation: can_view 5521 object: folder:b 5522 expectation: true 5523 - tuple: 5524 user: user:anne 5525 relation: viewer 5526 object: document:b 5527 expectation: true 5528 listObjectsAssertions: 5529 - request: 5530 user: user:anne 5531 type: folder 5532 relation: can_view 5533 expectation: 5534 - folder:a 5535 - folder:b 5536 - request: 5537 user: user:anne 5538 type: document 5539 relation: viewer 5540 expectation: 5541 - document:b 5542 listUsersAssertions: 5543 - request: 5544 filters: 5545 - user 5546 object: folder:a 5547 relation: can_view 5548 expectation: 5549 - user:* 5550 - request: 5551 filters: 5552 - group#member 5553 object: folder:a 5554 relation: can_view 5555 expectation: 5556 - group:fga#member 5557 - request: 5558 filters: 5559 - user 5560 object: folder:b 5561 relation: can_view 5562 expectation: 5563 - user:* 5564 - request: 5565 filters: 5566 - user 5567 object: document:b 5568 relation: viewer 5569 expectation: 5570 - user:* 5571 - name: ttu_ttu_and_computed_ttu 5572 stages: 5573 - model: | 5574 model 5575 schema 1.1 5576 type user 5577 type group 5578 relations 5579 define member: [user] 5580 type module 5581 relations 5582 define can_view: viewer or can_view from parent 5583 define parent: [module] 5584 define viewer: [group#member] 5585 type folder 5586 relations 5587 define parent: [module, folder] 5588 define can_view: can_view from parent 5589 type document 5590 relations 5591 define parent: [folder] 5592 define viewer: can_view from parent 5593 tuples: 5594 - user: user:anne 5595 relation: member 5596 object: group:fga 5597 - user: group:fga#member 5598 relation: viewer 5599 object: module:a 5600 - user: module:a 5601 relation: parent 5602 object: folder:a 5603 - user: folder:a 5604 relation: parent 5605 object: folder:b 5606 - user: folder:a 5607 relation: parent 5608 object: document:b 5609 checkAssertions: 5610 - tuple: 5611 user: user:anne 5612 relation: can_view 5613 object: folder:a 5614 expectation: true 5615 - tuple: 5616 user: user:anne 5617 relation: can_view 5618 object: folder:b 5619 expectation: true 5620 - tuple: 5621 user: user:anne 5622 relation: viewer 5623 object: document:b 5624 expectation: true 5625 listObjectsAssertions: 5626 - request: 5627 user: user:anne 5628 type: folder 5629 relation: can_view 5630 expectation: 5631 - folder:a 5632 - folder:b 5633 - request: 5634 user: user:anne 5635 type: document 5636 relation: viewer 5637 expectation: 5638 - document:b 5639 listUsersAssertions: 5640 - request: 5641 filters: 5642 - user 5643 object: folder:a 5644 relation: can_view 5645 expectation: 5646 - user:anne 5647 - request: 5648 filters: 5649 - user 5650 object: folder:b 5651 relation: can_view 5652 expectation: 5653 - user:anne 5654 - request: 5655 filters: 5656 - group#member 5657 object: folder:a 5658 relation: can_view 5659 expectation: 5660 - group:fga#member 5661 - name: contextual_tuple_ref_relation_disjoint 5662 stages: 5663 - model: | 5664 model 5665 schema 1.1 5666 type user 5667 type company 5668 relations 5669 define admin: [user] 5670 define management: [user] 5671 define employee: [user] or admin 5672 type group 5673 relations 5674 define corp: [company] 5675 define member: employee from corp 5676 type document 5677 relations 5678 define viewer: [group#member] 5679 type diagram 5680 relations 5681 define parent: [document] 5682 define viewer: viewer from parent 5683 tuples: 5684 - object: company:abc 5685 relation: management 5686 user: user:anne 5687 - object: group:fga 5688 relation: corp 5689 user: company:abc 5690 - object: document:a 5691 relation: viewer 5692 user: group:fga#member 5693 - object: diagram:a 5694 relation: parent 5695 user: document:a 5696 checkAssertions: 5697 - tuple: 5698 user: user:anne 5699 relation: viewer 5700 object: document:a 5701 expectation: false 5702 - tuple: 5703 user: user:anne 5704 relation: viewer 5705 object: diagram:a 5706 expectation: false 5707 listObjectsAssertions: 5708 - request: 5709 user: user:anne 5710 type: document 5711 relation: viewer 5712 expectation: 5713 - request: 5714 user: user:anne 5715 type: diagram 5716 relation: viewer 5717 expectation: 5718 listUsersAssertions: 5719 - request: 5720 filters: 5721 - user 5722 object: diagram:a 5723 relation: viewer 5724 expectation: 5725 - request: 5726 filters: 5727 - group#member 5728 object: diagram:a 5729 relation: viewer 5730 expectation: 5731 - group:fga#member 5732 - name: reverse_expand_relation_not_match 5733 stages: 5734 - model: | 5735 model 5736 schema 1.1 5737 type user 5738 type company 5739 relations 5740 define admin: [user] 5741 define management: [user] 5742 define employee: [user] or admin 5743 type group 5744 relations 5745 define observer: [company] 5746 define owner: [company] 5747 define admin: admin from owner 5748 define member: employee from owner 5749 type document 5750 relations 5751 define owner: [group] 5752 define viewer: member from owner or observer from owner 5753 tuples: 5754 - object: company:abc 5755 relation: employee 5756 user: user:anne 5757 - object: document:a 5758 relation: owner 5759 user: group:fga 5760 - object: group:fga 5761 relation: observer 5762 user: company:abc 5763 checkAssertions: 5764 - tuple: 5765 user: user:anne 5766 relation: viewer 5767 object: document:a 5768 expectation: false 5769 listObjectsAssertions: 5770 - request: 5771 user: user:anne 5772 type: document 5773 relation: viewer 5774 expectation: 5775 listUsersAssertions: 5776 - request: 5777 filters: 5778 - user 5779 object: document:a 5780 relation: viewer 5781 expectation: 5782 - request: 5783 filters: 5784 - group#member 5785 object: document:a 5786 relation: viewer 5787 expectation: 5788 - group:fga#member 5789 - request: 5790 filters: 5791 - group#member 5792 object: document:b 5793 relation: viewer 5794 expectation: 5795 - name: exclusion_for_some_relations 5796 stages: 5797 - model: | 5798 model 5799 schema 1.1 5800 type user 5801 type group 5802 relations 5803 define member: [user] 5804 type folder 5805 relations 5806 define owner: [group] 5807 define viewer: member from owner 5808 type document 5809 relations 5810 define banned: [user] 5811 define owner: [folder] 5812 define viewer: viewer from owner 5813 define can_view: viewer but not banned 5814 define can_see: can_view 5815 tuples: 5816 - user: user:anne 5817 relation: member 5818 object: group:fga 5819 - user: group:fga 5820 relation: owner 5821 object: folder:a 5822 - user: folder:a 5823 relation: owner 5824 object: document:a 5825 checkAssertions: 5826 - tuple: 5827 user: user:anne 5828 relation: viewer 5829 object: document:a 5830 expectation: true 5831 - tuple: 5832 user: user:anne 5833 relation: can_view 5834 object: document:a 5835 expectation: true 5836 - tuple: 5837 user: user:anne 5838 relation: can_see 5839 object: document:a 5840 expectation: true 5841 listObjectsAssertions: 5842 - request: 5843 user: user:anne 5844 type: document 5845 relation: viewer 5846 expectation: 5847 - document:a 5848 - request: 5849 user: user:anne 5850 type: document 5851 relation: can_view 5852 expectation: 5853 - document:a 5854 - request: 5855 user: user:anne 5856 type: document 5857 relation: can_see 5858 expectation: 5859 - document:a 5860 listUsersAssertions: 5861 - request: 5862 filters: 5863 - user 5864 object: document:a 5865 relation: viewer 5866 expectation: 5867 - user:anne 5868 - request: 5869 filters: 5870 - user 5871 object: document:a 5872 relation: can_see 5873 expectation: 5874 - user:anne 5875 - request: 5876 filters: 5877 - user 5878 object: document:a 5879 relation: can_view 5880 expectation: 5881 - user:anne 5882 - request: 5883 filters: 5884 - user 5885 object: document:a 5886 relation: can_view 5887 expectation: 5888 - user:anne 5889 - request: 5890 filters: 5891 - document#can_view 5892 object: document:a 5893 relation: can_see 5894 expectation: 5895 - document:a#can_view 5896 - request: 5897 filters: 5898 - document#viewer 5899 object: document:a 5900 relation: can_see 5901 expectation: 5902 - document:a#viewer 5903 - name: evaluate_userset_in_computed_relation_of_ttu 5904 stages: 5905 - model: | 5906 model 5907 schema 1.1 5908 type user 5909 type repo 5910 relations 5911 define owner: [organization] 5912 define reader: repo_admin from owner 5913 type organization 5914 relations 5915 define member: [user] 5916 define repo_admin: [organization#member] 5917 tuples: 5918 - user: organization:openfga 5919 relation: owner 5920 object: repo:openfga/openfga 5921 - user: organization:openfga#member 5922 relation: repo_admin 5923 object: organization:openfga 5924 - user: user:erik 5925 relation: member 5926 object: organization:openfga 5927 checkAssertions: 5928 - tuple: 5929 user: user:erik 5930 relation: reader 5931 object: repo:openfga/openfga 5932 expectation: true 5933 listObjectsAssertions: 5934 - request: 5935 user: user:erik 5936 type: repo 5937 relation: reader 5938 expectation: 5939 - repo:openfga/openfga 5940 listUsersAssertions: 5941 - request: 5942 filters: 5943 - user 5944 object: repo:openfga/openfga 5945 relation: reader 5946 expectation: 5947 - user:erik 5948 - request: 5949 filters: 5950 - organization#member 5951 object: repo:openfga/openfga 5952 relation: reader 5953 expectation: 5954 - organization:openfga#member 5955 - request: 5956 filters: 5957 - organization#member 5958 object: repo:unknown 5959 relation: reader 5960 expectation: 5961 - name: nested_ttu_involving_intersection 5962 stages: 5963 - model: | 5964 model 5965 schema 1.1 5966 type user 5967 type organization 5968 relations 5969 define member: [user] 5970 define viewer: [user] and member 5971 type folder 5972 relations 5973 define parent: [organization] 5974 define viewer: viewer from parent 5975 type document 5976 relations 5977 define parent: [folder] 5978 define viewer: viewer from parent 5979 define can_view: viewer 5980 tuples: 5981 - user: user:jon 5982 relation: member 5983 object: organization:openfga 5984 - user: user:jon 5985 relation: viewer 5986 object: organization:openfga 5987 - user: organization:openfga 5988 relation: parent 5989 object: folder:X 5990 - user: folder:X 5991 relation: parent 5992 object: document:1 5993 checkAssertions: 5994 - tuple: 5995 user: user:jon 5996 relation: viewer 5997 object: document:1 5998 expectation: true 5999 - tuple: 6000 user: user:jon 6001 relation: can_view 6002 object: document:1 6003 expectation: true 6004 listObjectsAssertions: 6005 - request: 6006 user: user:jon 6007 type: document 6008 relation: viewer 6009 expectation: 6010 - document:1 6011 - request: 6012 user: user:jon 6013 type: document 6014 relation: can_view 6015 expectation: 6016 - document:1 6017 listUsersAssertions: 6018 - request: 6019 filters: 6020 - user 6021 object: document:1 6022 relation: viewer 6023 expectation: 6024 - user:jon 6025 - request: 6026 filters: 6027 - user 6028 object: document:1 6029 relation: can_view 6030 expectation: 6031 - user:jon 6032 - request: 6033 filters: 6034 - organization 6035 object: document:1 6036 relation: can_view 6037 expectation: 6038 - request: 6039 filters: 6040 - folder 6041 object: document:1 6042 relation: can_view 6043 expectation: 6044 - name: nested_ttu_involving_exclusion 6045 stages: 6046 - model: | 6047 model 6048 schema 1.1 6049 type user 6050 type organization 6051 relations 6052 define restricted: [user] 6053 define viewer: [user] but not restricted 6054 type folder 6055 relations 6056 define parent: [organization] 6057 define viewer: viewer from parent 6058 type document 6059 relations 6060 define parent: [folder] 6061 define viewer: viewer from parent 6062 define can_view: viewer 6063 tuples: 6064 - user: user:bob 6065 relation: restricted 6066 object: organization:openfga 6067 - user: user:jon 6068 relation: viewer 6069 object: organization:openfga 6070 - user: organization:openfga 6071 relation: parent 6072 object: folder:X 6073 - user: folder:X 6074 relation: parent 6075 object: document:1 6076 checkAssertions: 6077 - tuple: 6078 user: user:jon 6079 relation: viewer 6080 object: document:1 6081 expectation: true 6082 - tuple: 6083 user: user:bob 6084 relation: viewer 6085 object: document:1 6086 expectation: false 6087 - tuple: 6088 user: user:jon 6089 relation: can_view 6090 object: document:1 6091 expectation: true 6092 - tuple: 6093 user: user:bob 6094 relation: can_view 6095 object: document:1 6096 expectation: false 6097 listObjectsAssertions: 6098 - request: 6099 user: user:jon 6100 type: document 6101 relation: viewer 6102 expectation: 6103 - document:1 6104 - request: 6105 user: user:bob 6106 type: document 6107 relation: viewer 6108 expectation: 6109 - request: 6110 user: user:jon 6111 type: document 6112 relation: can_view 6113 expectation: 6114 - document:1 6115 - request: 6116 user: user:bob 6117 type: document 6118 relation: can_view 6119 expectation: 6120 listUsersAssertions: 6121 - request: 6122 filters: 6123 - user 6124 object: document:1 6125 relation: can_view 6126 expectation: 6127 - user:jon 6128 - request: 6129 filters: 6130 - folder#viewer 6131 object: document:1 6132 relation: can_view 6133 expectation: 6134 - folder:X#viewer 6135 - request: 6136 filters: 6137 - organization#viewer 6138 object: document:1 6139 relation: can_view 6140 expectation: 6141 - organization:openfga#viewer 6142 - name: userset_with_intersection_in_computed_relation_of_ttu 6143 stages: 6144 - model: | 6145 model 6146 schema 1.1 6147 type user 6148 type repo 6149 relations 6150 define owner: [organization] 6151 define allowed: [user] 6152 define reader: repo_admin from owner and allowed 6153 define can_read: reader 6154 type organization 6155 relations 6156 define member: [user] 6157 define repo_admin: [organization#member] 6158 tuples: 6159 - user: organization:openfga 6160 relation: owner 6161 object: repo:openfga/openfga 6162 - user: organization:openfga#member 6163 relation: repo_admin 6164 object: organization:openfga 6165 - user: user:erik 6166 relation: member 6167 object: organization:openfga 6168 - user: user:jim 6169 relation: member 6170 object: organization:openfga 6171 - user: user:erik 6172 relation: allowed 6173 object: repo:openfga/openfga 6174 checkAssertions: 6175 - tuple: 6176 user: user:erik 6177 relation: reader 6178 object: repo:openfga/openfga 6179 expectation: true 6180 - tuple: 6181 user: user:jim 6182 relation: reader 6183 object: repo:openfga/openfga 6184 expectation: false 6185 - tuple: 6186 user: user:erik 6187 relation: can_read 6188 object: repo:openfga/openfga 6189 expectation: true 6190 - tuple: 6191 user: user:jim 6192 relation: can_read 6193 object: repo:openfga/openfga 6194 expectation: false 6195 listObjectsAssertions: 6196 - request: 6197 user: user:erik 6198 type: repo 6199 relation: reader 6200 expectation: 6201 - repo:openfga/openfga 6202 - request: 6203 user: user:jim 6204 type: repo 6205 relation: reader 6206 expectation: 6207 - request: 6208 user: user:erik 6209 type: repo 6210 relation: can_read 6211 expectation: 6212 - repo:openfga/openfga 6213 - request: 6214 user: user:jim 6215 type: repo 6216 relation: can_read 6217 expectation: 6218 listUsersAssertions: 6219 - request: 6220 filters: 6221 - user 6222 object: repo:openfga/openfga 6223 relation: can_read 6224 expectation: 6225 - user:erik 6226 - request: 6227 filters: 6228 - user 6229 object: repo:openfga/openfga 6230 relation: reader 6231 expectation: 6232 - user:erik 6233 - request: 6234 filters: 6235 - organization#member 6236 object: repo:openfga/openfga 6237 relation: reader 6238 expectation: 6239 - request: 6240 filters: 6241 - organization#member 6242 object: repo:openfga/openfga 6243 relation: can_read 6244 expectation: 6245 - request: 6246 filters: 6247 - repo#allowed 6248 object: repo:openfga/openfga 6249 relation: can_read 6250 expectation: 6251 - name: userset_with_exclusion_in_computed_relation_of_ttu 6252 stages: 6253 - model: | 6254 model 6255 schema 1.1 6256 type user 6257 type repo 6258 relations 6259 define owner: [organization] 6260 define restricted: [user] 6261 define reader: repo_admin from owner but not restricted 6262 define can_read: reader 6263 type organization 6264 relations 6265 define member: [user] 6266 define repo_admin: [organization#member] 6267 tuples: 6268 - user: organization:openfga 6269 relation: owner 6270 object: repo:openfga/openfga 6271 - user: organization:openfga#member 6272 relation: repo_admin 6273 object: organization:openfga 6274 - user: user:erik 6275 relation: member 6276 object: organization:openfga 6277 - user: user:jim 6278 relation: member 6279 object: organization:openfga 6280 - user: user:jim 6281 relation: restricted 6282 object: repo:openfga/openfga 6283 checkAssertions: 6284 - tuple: 6285 user: user:erik 6286 relation: reader 6287 object: repo:openfga/openfga 6288 expectation: true 6289 - tuple: 6290 user: user:jim 6291 relation: reader 6292 object: repo:openfga/openfga 6293 expectation: false 6294 - tuple: 6295 user: user:erik 6296 relation: can_read 6297 object: repo:openfga/openfga 6298 expectation: true 6299 - tuple: 6300 user: user:jim 6301 relation: can_read 6302 object: repo:openfga/openfga 6303 expectation: false 6304 listObjectsAssertions: 6305 - request: 6306 user: user:erik 6307 type: repo 6308 relation: reader 6309 expectation: 6310 - repo:openfga/openfga 6311 - request: 6312 user: user:jim 6313 type: repo 6314 relation: reader 6315 expectation: 6316 - request: 6317 user: user:erik 6318 type: repo 6319 relation: can_read 6320 expectation: 6321 - repo:openfga/openfga 6322 - request: 6323 user: user:jim 6324 type: repo 6325 relation: can_read 6326 expectation: 6327 listUsersAssertions: 6328 - request: 6329 filters: 6330 - user 6331 object: repo:openfga/openfga 6332 relation: can_read 6333 expectation: 6334 - user:erik 6335 - request: 6336 filters: 6337 - user 6338 object: repo:openfga/openfga 6339 relation: reader 6340 expectation: 6341 - user:erik 6342 - request: 6343 filters: 6344 - repo#restricted 6345 object: repo:openfga/openfga 6346 relation: can_read 6347 expectation: 6348 - name: relation_with_wildcard_involving_intersection 6349 stages: 6350 - model: | 6351 model 6352 schema 1.1 6353 type user 6354 type document 6355 relations 6356 define allowed: [user] 6357 define viewer: [user:*] and allowed 6358 define can_view: viewer 6359 tuples: 6360 - user: user:jon 6361 relation: allowed 6362 object: document:1 6363 - user: user:* 6364 relation: viewer 6365 object: document:1 6366 - user: user:* 6367 relation: viewer 6368 object: document:2 6369 checkAssertions: 6370 - tuple: 6371 user: user:jon 6372 relation: viewer 6373 object: document:1 6374 expectation: true 6375 - tuple: 6376 user: user:bob 6377 relation: viewer 6378 object: document:2 6379 expectation: false 6380 - tuple: 6381 user: user:jon 6382 relation: can_view 6383 object: document:1 6384 expectation: true 6385 - tuple: 6386 user: user:bob 6387 relation: can_view 6388 object: document:2 6389 expectation: false 6390 listObjectsAssertions: 6391 - request: 6392 user: user:jon 6393 type: document 6394 relation: viewer 6395 expectation: 6396 - document:1 6397 - request: 6398 user: user:bob 6399 type: document 6400 relation: viewer 6401 expectation: 6402 - request: 6403 user: user:jon 6404 type: document 6405 relation: can_view 6406 expectation: 6407 - document:1 6408 - request: 6409 user: user:bob 6410 type: document 6411 relation: can_view 6412 expectation: 6413 listUsersAssertions: 6414 - request: 6415 filters: 6416 - user 6417 object: document:1 6418 relation: can_view 6419 expectation: 6420 - user:jon 6421 - request: 6422 filters: 6423 - user 6424 object: document:1 6425 relation: viewer 6426 expectation: 6427 - user:jon 6428 - request: 6429 filters: 6430 - document#allowed 6431 object: document:1 6432 relation: can_view 6433 expectation: 6434 - name: relation_with_wildcard_involving_exclusion 6435 stages: 6436 - model: | 6437 model 6438 schema 1.1 6439 type user 6440 type document 6441 relations 6442 define restricted: [user] 6443 define viewer: [user:*] but not restricted 6444 define can_view: viewer 6445 tuples: 6446 - user: user:bob 6447 relation: restricted 6448 object: document:1 6449 - user: user:* 6450 relation: viewer 6451 object: document:1 6452 - user: user:* 6453 relation: viewer 6454 object: document:2 6455 checkAssertions: 6456 - tuple: 6457 user: user:jon 6458 relation: viewer 6459 object: document:1 6460 expectation: true 6461 - tuple: 6462 user: user:bob 6463 relation: viewer 6464 object: document:1 6465 expectation: false 6466 - tuple: 6467 user: user:bob 6468 relation: viewer 6469 object: document:2 6470 expectation: true 6471 - tuple: 6472 user: user:jon 6473 relation: can_view 6474 object: document:1 6475 expectation: true 6476 - tuple: 6477 user: user:bob 6478 relation: can_view 6479 object: document:1 6480 expectation: false 6481 - tuple: 6482 user: user:bob 6483 relation: can_view 6484 object: document:2 6485 expectation: true 6486 listObjectsAssertions: 6487 - request: 6488 user: user:jon 6489 type: document 6490 relation: viewer 6491 expectation: 6492 - document:1 6493 - document:2 6494 - request: 6495 user: user:bob 6496 type: document 6497 relation: viewer 6498 expectation: 6499 - document:2 6500 - request: 6501 user: user:jon 6502 type: document 6503 relation: can_view 6504 expectation: 6505 - document:1 6506 - document:2 6507 - request: 6508 user: user:bob 6509 type: document 6510 relation: can_view 6511 expectation: 6512 - document:2 6513 listUsersAssertions: 6514 - request: 6515 filters: 6516 - user 6517 object: document:1 6518 relation: can_view 6519 expectation: 6520 - user:* # TODO but user:bob doesn't have access 6521 - request: 6522 filters: 6523 - user 6524 object: document:2 6525 relation: can_view 6526 expectation: 6527 - user:* 6528 - name: relation_with_userset_involving_exclusion 6529 stages: 6530 - model: | 6531 model 6532 schema 1.1 6533 type user 6534 type group 6535 relations 6536 define member: [user] 6537 type document 6538 relations 6539 define restricted: [user] 6540 define viewer: [group#member] but not restricted 6541 define can_view: viewer 6542 tuples: 6543 - user: user:maria 6544 relation: member 6545 object: group:fga 6546 - user: user:will 6547 relation: member 6548 object: group:fga 6549 - user: group:fga#member 6550 relation: viewer 6551 object: document:1 6552 - user: user:will 6553 relation: restricted 6554 object: document:1 6555 listUsersAssertions: 6556 - request: 6557 filters: 6558 - user 6559 object: document:1 6560 relation: can_view 6561 expectation: 6562 - user:maria 6563 - request: 6564 filters: 6565 - group#member 6566 object: document:1 6567 relation: can_view 6568 expectation: 6569 - group:fga#member 6570 - name: list_objects_does_not_return_duplicates 6571 stages: 6572 - model: | #concurrent checks 6573 model 6574 schema 1.1 6575 type user 6576 type repo 6577 relations 6578 define blocked: [user] 6579 define admin: [user, user:*] but not blocked 6580 tuples: 6581 - user: user:a 6582 relation: admin 6583 object: repo:1 6584 - user: user:* #tuple grants access to the same as above 6585 relation: admin 6586 object: repo:1 6587 listObjectsAssertions: 6588 - request: 6589 user: user:a 6590 type: repo 6591 relation: admin 6592 expectation: 6593 - repo:1 6594 listUsersAssertions: 6595 - request: 6596 filters: 6597 - user 6598 object: repo:1 6599 relation: admin 6600 expectation: 6601 - user:a 6602 - user:* 6603 - model: | #reverse expansion 6604 model 6605 schema 1.1 6606 type user 6607 type repo 6608 relations 6609 define admin: [user, user:*] 6610 listObjectsAssertions: 6611 - request: 6612 user: user:a 6613 type: repo 6614 relation: admin 6615 expectation: 6616 - repo:1 6617 listUsersAssertions: 6618 - request: 6619 filters: 6620 - user 6621 object: repo:1 6622 relation: admin 6623 expectation: 6624 - user:a 6625 - user:* 6626 - name: list_objects_expands_wildcard_tuple 6627 stages: 6628 - model: | #concurrent checks 6629 model 6630 schema 1.1 6631 type user 6632 type repo 6633 relations 6634 define blocked: [user] 6635 define owner: [user, user:*] but not blocked 6636 define can_own: owner 6637 tuples: 6638 - user: user:* 6639 relation: owner 6640 object: repo:1 6641 listObjectsAssertions: 6642 - request: 6643 user: user:a 6644 type: repo 6645 relation: owner 6646 expectation: 6647 - repo:1 6648 - request: 6649 user: user:a 6650 type: repo 6651 relation: can_own 6652 expectation: 6653 - repo:1 6654 listUsersAssertions: 6655 - request: 6656 filters: 6657 - user 6658 object: repo:1 6659 relation: can_own 6660 expectation: 6661 - user:* 6662 - model: | #reverse expansion 6663 model 6664 schema 1.1 6665 type user 6666 type repo 6667 relations 6668 define owner: [user, user:*] 6669 define can_own: owner 6670 listObjectsAssertions: 6671 - request: 6672 user: user:a 6673 type: repo 6674 relation: owner 6675 expectation: 6676 - repo:1 6677 listUsersAssertions: 6678 - request: 6679 filters: 6680 - user 6681 object: repo:1 6682 relation: can_own 6683 expectation: 6684 - user:* 6685 - model: | #complex model 6686 model 6687 schema 1.1 6688 type user 6689 type folder 6690 relations 6691 define parent: [folder] 6692 define owner: [group] 6693 define folder_reader: [user, group#member] or folder_reader from owner or folder_reader from parent 6694 define blocked: [user, user:*, group#member] or nblocked from parent 6695 define unblocked: [user, group#member] 6696 define nblocked: blocked but not unblocked 6697 define allowed: [user, user:*, group#member] or allowed from parent 6698 define super_allowed: [user, group#member] or super_allowed from parent 6699 define reader: folder_reader and allowed and super_allowed 6700 define can_read: reader but not nblocked 6701 type group 6702 relations 6703 define parent: [group] 6704 define allowed: [user, group#member] or allowed from parent 6705 define super_allowed: [user, group#super_allowed] 6706 define blocked: [user, group#member] or blocked from parent 6707 define og_member: [user] or member from parent 6708 define allowed_member: og_member and allowed and super_allowed 6709 define member: allowed_member but not blocked 6710 define folder_reader: [group#member] or folder_reader from parent 6711 tuples: 6712 - user: user:anne 6713 relation: og_member 6714 object: group:marketing 6715 - user: user:anne 6716 relation: allowed 6717 object: group:marketing 6718 - user: user:anne 6719 relation: super_allowed 6720 object: group:marketing 6721 - user: user:beth 6722 relation: og_member 6723 object: group:marketing 6724 - user: user:beth 6725 relation: allowed 6726 object: group:marketing 6727 - user: user:beth 6728 relation: super_allowed 6729 object: group:marketing 6730 - user: user:carl 6731 relation: og_member 6732 object: group:marketing 6733 - user: user:carl 6734 relation: allowed 6735 object: group:marketing 6736 - user: user:dan 6737 relation: og_member 6738 object: group:marketing 6739 - user: user:dan 6740 relation: allowed 6741 object: group:marketing 6742 - user: user:dan 6743 relation: super_allowed 6744 object: group:marketing 6745 - user: user:dan 6746 relation: blocked 6747 object: group:marketing 6748 - user: user:emily 6749 relation: og_member 6750 object: group:marketing 6751 - user: user:emily 6752 relation: allowed 6753 object: group:marketing 6754 - user: user:emily 6755 relation: super_allowed 6756 object: group:marketing 6757 - user: user:gabriel 6758 relation: og_member 6759 object: group:marketing 6760 - user: user:gabriel 6761 relation: allowed 6762 object: group:marketing 6763 - user: user:gabriel 6764 relation: super_allowed 6765 object: group:marketing 6766 - user: user:harriette 6767 relation: og_member 6768 object: group:marketing 6769 - user: user:harriette 6770 relation: allowed 6771 object: group:marketing 6772 - user: user:harriette 6773 relation: super_allowed 6774 object: group:marketing 6775 - user: user:gabriel 6776 relation: og_member 6777 object: group:admin 6778 - user: user:gabriel 6779 relation: allowed 6780 object: group:admin 6781 - user: user:gabriel 6782 relation: super_allowed 6783 object: group:admin 6784 - user: group:marketing#member 6785 relation: folder_reader 6786 object: group:marketing 6787 - user: group:marketing 6788 relation: parent 6789 object: group:digitalmktg 6790 - user: group:marketing#super_allowed 6791 relation: super_allowed 6792 object: group:digitalmktg 6793 - user: group:digitalmktg 6794 relation: owner 6795 object: folder:1 6796 - user: folder:1 6797 relation: parent 6798 object: folder:2 6799 - user: folder:2 6800 relation: parent 6801 object: folder:3 6802 - user: folder:3 6803 relation: parent 6804 object: folder:4 6805 - user: folder:4 6806 relation: parent 6807 object: folder:5 6808 - user: group:marketing#member 6809 relation: allowed 6810 object: folder:1 6811 - user: group:marketing#member 6812 relation: super_allowed 6813 object: folder:1 6814 - user: user:beth 6815 relation: blocked 6816 object: folder:2 6817 - user: user:emily 6818 relation: blocked 6819 object: folder:1 6820 - user: user:emily 6821 relation: unblocked 6822 object: folder:2 6823 - user: user:gabriel 6824 relation: blocked 6825 object: folder:1 6826 - user: user:harriette 6827 relation: unblocked 6828 object: folder:5 6829 - user: user:* 6830 relation: blocked 6831 object: folder:4 6832 - user: user:* 6833 relation: allowed 6834 object: folder:4 6835 - user: group:admin#member 6836 relation: unblocked 6837 object: folder:2 6838 checkAssertions: 6839 - tuple: 6840 user: user:anne 6841 relation: can_read 6842 object: folder:3 6843 expectation: True 6844 - tuple: 6845 user: user:beth 6846 relation: can_read 6847 object: folder:3 6848 expectation: False 6849 - tuple: 6850 user: user:carl 6851 relation: can_read 6852 object: folder:3 6853 expectation: False 6854 - tuple: 6855 user: user:dan 6856 relation: can_read 6857 object: folder:3 6858 expectation: False 6859 - tuple: 6860 user: user:emily 6861 relation: can_read 6862 object: folder:3 6863 expectation: True 6864 - tuple: 6865 user: user:frida 6866 relation: can_read 6867 object: folder:3 6868 expectation: False 6869 - tuple: 6870 user: user:gabriel 6871 relation: can_read 6872 object: folder:3 6873 expectation: True 6874 - tuple: 6875 user: user:harriette 6876 relation: can_read 6877 object: folder:3 6878 expectation: True 6879 listObjectsAssertions: 6880 - request: 6881 user: user:anne 6882 relation: can_read 6883 type: folder 6884 expectation: 6885 - folder:1 6886 - folder:2 6887 - folder:3 6888 - request: 6889 user: user:beth 6890 relation: can_read 6891 type: folder 6892 expectation: 6893 - folder:1 6894 - request: 6895 user: user:carl 6896 relation: can_read 6897 type: folder 6898 expectation: [] 6899 - request: 6900 user: user:dan 6901 relation: can_read 6902 type: folder 6903 expectation: [] 6904 - request: 6905 user: user:emily 6906 relation: can_read 6907 type: folder 6908 expectation: 6909 - folder:2 6910 - folder:3 6911 - request: 6912 user: user:frida 6913 relation: can_read 6914 type: folder 6915 expectation: [] 6916 - request: 6917 user: user:gabriel 6918 relation: can_read 6919 type: folder 6920 expectation: 6921 - folder:2 6922 - folder:3 6923 - request: 6924 user: user:harriette 6925 relation: can_read 6926 type: folder 6927 expectation: 6928 - folder:1 6929 - folder:2 6930 - folder:3 6931 - folder:5 6932 listUsersAssertions: 6933 - request: 6934 filters: 6935 - user 6936 object: folder:1 6937 relation: can_read 6938 expectation: 6939 - user:anne 6940 - user:beth 6941 - user:harriette 6942 - request: 6943 filters: 6944 - user 6945 object: folder:2 6946 relation: can_read 6947 expectation: 6948 - user:anne 6949 - user:emily 6950 - user:gabriel 6951 - user:harriette 6952 - request: 6953 filters: 6954 - user 6955 object: folder:3 6956 relation: can_read 6957 expectation: 6958 - user:anne 6959 - user:emily 6960 - user:gabriel 6961 - user:harriette 6962 - request: 6963 filters: 6964 - user 6965 object: folder:5 6966 relation: can_read 6967 expectation: 6968 - user:harriette 6969 - name: resolution_too_complex_throws_error 6970 stages: 6971 - model: | 6972 model 6973 schema 1.1 6974 type user 6975 type resource 6976 relations 6977 define a1: a2 6978 define a2: a3 6979 define a3: a4 6980 define a4: a5 6981 define a5: a6 6982 define a6: a7 6983 define a7: a8 6984 define a8: a9 6985 define a9: a10 6986 define a10: a11 6987 define a11: a12 6988 define a12: a13 6989 define a13: a14 6990 define a14: a15 6991 define a15: a16 6992 define a16: a17 6993 define a17: a18 6994 define a18: a19 6995 define a19: a20 6996 define a20: a21 6997 define a21: a22 6998 define a22: a23 6999 define a23: a24 7000 define a24: a25 7001 define a25: a26 7002 define a26: [user] 7003 tuples: 7004 - object: resource:1 7005 relation: a26 7006 user: user:jon 7007 checkAssertions: 7008 - tuple: 7009 object: resource:abc 7010 relation: a1 7011 user: user:maria 7012 errorCode: 2002 7013 listObjectsAssertions: 7014 - request: 7015 type: resource 7016 relation: a1 7017 user: user:jon 7018 errorCode: 2002 7019 listUsersAssertions: 7020 - request: 7021 filters: 7022 - user 7023 object: resource:abc 7024 relation: a1 7025 errorCode: 2002 7026 - name: race_condition_same_user_same_object_diff_relation 7027 stages: 7028 - model: | 7029 model 7030 schema 1.1 7031 type user 7032 type test_type 7033 relations 7034 define relation1: [user] 7035 define relation2: [user] 7036 type list_type 7037 relations 7038 define list_relation: [test_type#relation1,test_type#relation2] 7039 tuples: 7040 - user: user:test_user 7041 relation: relation1 7042 object: test_type:test_type1 7043 - user: user:test_user 7044 relation: relation2 7045 object: test_type:test_type1 7046 - user: test_type:test_type1#relation1 7047 relation: list_relation 7048 object: list_type:list_type1 7049 checkAssertions: 7050 - tuple: 7051 user: user:test_user 7052 relation: list_relation 7053 object: list_type:list_type1 7054 expectation: true 7055 - tuple: 7056 user: user:test_user 7057 relation: list_relation 7058 object: list_type:list_type2 7059 expectation: false 7060 listObjectsAssertions: 7061 - request: 7062 user: user:test_user 7063 type: list_type 7064 relation: list_relation 7065 expectation: 7066 - list_type:list_type1 7067 listUsersAssertions: 7068 - request: 7069 filters: 7070 - user 7071 object: list_type:list_type1 7072 relation: list_relation 7073 expectation: 7074 - user:test_user 7075 - request: 7076 filters: 7077 - user 7078 object: list_type:list_type2 7079 relation: list_relation 7080 expectation: 7081 - name: follows_correct_graph_edges 7082 stages: 7083 - model: | 7084 model 7085 schema 1.1 7086 type user 7087 7088 type repo 7089 relations 7090 define admin: [user] or repo_admin from owner 7091 define owner: [organization] 7092 7093 type organization 7094 relations 7095 define member: [user] or owner 7096 define owner: [user] 7097 define repo_admin: [user, organization#member] 7098 tuples: 7099 - user: user:alex 7100 relation: member 7101 object: organization:openfga 7102 - user: user:alex 7103 relation: member 7104 object: organization:acme 7105 - user: organization:openfga 7106 relation: owner 7107 object: repo:openfga/openfga 7108 - user: organization:acme 7109 relation: owner 7110 object: repo:acme/acme 7111 listObjectsAssertions: 7112 - request: 7113 user: user:alex 7114 type: repo 7115 relation: admin 7116 expectation: [] 7117 listUsersAssertions: 7118 - request: 7119 filters: 7120 - user 7121 object: repo:openfga/openfga 7122 relation: admin 7123 expectation: 7124 - request: 7125 filters: 7126 - user 7127 object: repo:acme/acme 7128 relation: admin 7129 expectation: 7130 - name: list_objects_with_subcheck_encounters_cycle 7131 stages: 7132 - model: | 7133 model 7134 schema 1.1 7135 type user 7136 7137 type document 7138 relations 7139 define allowed: [user, document#viewer] 7140 define viewer: [user, document#allowed] and allowed 7141 tuples: 7142 - user: user:jon 7143 relation: viewer 7144 object: document:1 7145 - user: document:1#viewer 7146 relation: allowed 7147 object: document:1 7148 - user: document:1#allowed 7149 relation: viewer 7150 object: document:1 7151 checkAssertions: 7152 - tuple: 7153 user: user:jon 7154 relation: viewer 7155 object: document:1 7156 expectation: false 7157 listObjectsAssertions: 7158 - request: 7159 user: user:jon 7160 type: document 7161 relation: viewer 7162 expectation: [] 7163 listUsersAssertions: 7164 - request: 7165 filters: 7166 - user 7167 object: document:1 7168 relation: viewer 7169 expectation: 7170 - name: list_objects_with_subcheck_resolution_depth_exceeded 7171 stages: 7172 - model: | 7173 model 7174 schema 1.1 7175 type user 7176 7177 type document 7178 relations 7179 define a1: a2 7180 define a2: a3 7181 define a3: a4 7182 define a4: a5 7183 define a5: a6 7184 define a6: a7 7185 define a7: a8 7186 define a8: a9 7187 define a9: a10 7188 define a10: a11 7189 define a11: a12 7190 define a12: a13 7191 define a13: a14 7192 define a14: a15 7193 define a15: a16 7194 define a16: a17 7195 define a17: a18 7196 define a18: a19 7197 define a19: a20 7198 define a20: a21 7199 define a21: a22 7200 define a22: a23 7201 define a23: a24 7202 define a24: a25 7203 define a25: a26 7204 define a26: [user] 7205 define viewer: [user] and a1 7206 tuples: 7207 - user: user:jon 7208 relation: viewer 7209 object: document:1 7210 listObjectsAssertions: 7211 - request: 7212 user: user:jon 7213 type: document 7214 relation: viewer 7215 errorCode: 2002 7216 listUsersAssertions: 7217 - request: 7218 filters: 7219 - user 7220 object: document:1 7221 relation: viewer 7222 errorCode: 2002 7223 - name: direct_relationships_with_intersection 7224 stages: 7225 - model: | 7226 model 7227 schema 1.1 7228 type user 7229 7230 type document 7231 relations 7232 define allowed: [user] 7233 define viewer: [user] and allowed 7234 tuples: 7235 - user: user:jon 7236 relation: viewer 7237 object: document:1 7238 - user: user:jon 7239 relation: allowed 7240 object: document:1 7241 listObjectsAssertions: 7242 - request: 7243 user: user:jon 7244 type: document 7245 relation: viewer 7246 expectation: 7247 - document:1 7248 listUsersAssertions: 7249 - request: 7250 filters: 7251 - user 7252 object: document:1 7253 relation: viewer 7254 expectation: 7255 - user:jon 7256 - name: nested_usersets_are_recursively_expanded 7257 stages: 7258 - model: | 7259 model 7260 schema 1.1 7261 type user 7262 type group 7263 relations 7264 define member: [user, group#member] 7265 tuples: 7266 - user: group:fga#member 7267 relation: member 7268 object: group:eng 7269 - user: group:fga-backend#member 7270 relation: member 7271 object: group:fga 7272 listUsersAssertions: 7273 - request: 7274 filters: 7275 - group#member 7276 object: group:eng 7277 relation: member 7278 expectation: 7279 - group:eng#member 7280 - group:fga#member 7281 - group:fga-backend#member 7282 - name: cycle_or_cycle_return_false 7283 stages: 7284 - model: | 7285 model 7286 schema 1.1 7287 type user 7288 type document 7289 relations 7290 define editor: [user, document#viewer] 7291 define viewer: [document#editor] or editor 7292 tuples: 7293 - user: document:1#viewer 7294 relation: editor 7295 object: document:1 7296 - user: document:1#editor 7297 relation: viewer 7298 object: document:1 7299 checkAssertions: 7300 - tuple: 7301 object: document:1 7302 relation: viewer 7303 user: user:jon 7304 expectation: false 7305 listObjectsAssertions: 7306 - request: 7307 user: user:jon 7308 type: document 7309 relation: viewer 7310 expectation: 7311 - name: immediate_cycle_through_computed_userset 7312 stages: 7313 - model: | 7314 model 7315 schema 1.1 7316 type user 7317 7318 type document 7319 relations 7320 define editor: [user, document#viewer] 7321 define viewer: editor 7322 tuples: 7323 - user: document:1#viewer 7324 relation: editor 7325 object: document:1 7326 checkAssertions: 7327 - tuple: 7328 object: document:1 7329 relation: viewer 7330 user: user:jon 7331 expectation: false 7332 listObjectsAssertions: 7333 - request: 7334 user: user:jon 7335 type: document 7336 relation: viewer 7337 expectation: 7338 - name: immediate_cycle_through_computed_userset 7339 stages: 7340 - model: | 7341 model 7342 schema 1.1 7343 type user 7344 7345 type document 7346 relations 7347 define editor: [user, document#viewer] 7348 define viewer: editor 7349 tuples: 7350 - user: document:1#viewer 7351 relation: editor 7352 object: document:1 7353 checkAssertions: 7354 - tuple: 7355 object: document:1 7356 relation: viewer 7357 user: user:jon 7358 expectation: false 7359 listObjectsAssertions: 7360 - request: 7361 user: user:jon 7362 type: document 7363 relation: viewer 7364 expectation: 7365 - name: true_butnot_cycle_return_false 7366 stages: 7367 - model: | 7368 model 7369 schema 1.1 7370 type user 7371 7372 type document 7373 relations 7374 define restricted: [user, document#viewer] 7375 define viewer: [user] but not restricted 7376 tuples: 7377 - user: user:jon 7378 relation: viewer 7379 object: document:1 7380 - user: document:1#viewer 7381 relation: restricted 7382 object: document:1 7383 checkAssertions: 7384 - tuple: 7385 object: document:1 7386 relation: viewer 7387 user: user:jon 7388 expectation: false 7389 listObjectsAssertions: 7390 - request: 7391 user: user:jon 7392 type: document 7393 relation: viewer 7394 expectation: 7395 - name: cycle_and_cycle_return_false 7396 stages: 7397 - model: | 7398 model 7399 schema 1.1 7400 7401 type user 7402 7403 type document 7404 relations 7405 define editor: [user, document#viewer] 7406 define viewer: [user, document#editor] and editor 7407 tuples: 7408 - user: document:1#editor 7409 relation: viewer 7410 object: document:1 7411 - user: document:1#viewer 7412 relation: editor 7413 object: document:1 7414 checkAssertions: 7415 - tuple: 7416 object: document:1 7417 relation: viewer 7418 user: user:jon 7419 expectation: false 7420 listObjectsAssertions: 7421 - request: 7422 user: user:jon 7423 type: document 7424 relation: viewer 7425 expectation: 7426 - name: cycle_and_true_return_false 7427 stages: 7428 - model: | 7429 model 7430 schema 1.1 7431 7432 type user 7433 7434 type document 7435 relations 7436 define allowed: [user] 7437 define viewer: [user, document#viewer] and allowed 7438 tuples: 7439 - user: user:jon 7440 relation: allowed 7441 object: document:1 7442 checkAssertions: 7443 - tuple: 7444 object: document:1 7445 relation: viewer 7446 user: user:jon 7447 expectation: false 7448 listObjectsAssertions: 7449 - request: 7450 user: user:jon 7451 type: document 7452 relation: viewer 7453 expectation: 7454 - name: immediate_cycle_return_false 7455 stages: 7456 - model: | 7457 model 7458 schema 1.1 7459 7460 type user 7461 7462 type document 7463 relations 7464 define viewer: [user, document#viewer] 7465 checkAssertions: 7466 - tuple: 7467 object: document:1 7468 relation: viewer 7469 user: user:jon 7470 expectation: false 7471 listObjectsAssertions: 7472 - request: 7473 user: user:jon 7474 type: document 7475 relation: viewer 7476 expectation: 7477 - name: cycle_butnot_false_return_false 7478 stages: 7479 - model: | 7480 model 7481 schema 1.1 7482 7483 type user 7484 7485 type document 7486 relations 7487 define restricted: [user] 7488 define viewer: [user, document#viewer] but not restricted 7489 checkAssertions: 7490 - tuple: 7491 object: document:1 7492 relation: viewer 7493 user: user:jon 7494 expectation: false 7495 listObjectsAssertions: 7496 - request: 7497 user: user:jon 7498 type: document 7499 relation: viewer 7500 expectation: 7501 - name: false_butnot_cycle_return_false 7502 stages: 7503 - model: | 7504 model 7505 schema 1.1 7506 7507 type user 7508 7509 type document 7510 relations 7511 define restricted: [user, document#viewer] 7512 define viewer: [user] but not restricted 7513 tuples: 7514 - user: document:1#viewer 7515 relation: restricted 7516 object: document:1 7517 checkAssertions: 7518 - tuple: 7519 object: document:1 7520 relation: viewer 7521 user: user:jon 7522 expectation: false 7523 listObjectsAssertions: 7524 - request: 7525 user: user:jon 7526 type: document 7527 relation: viewer 7528 expectation: 7529 - name: err_and_err_return_err 7530 stages: 7531 - model: | 7532 model 7533 schema 1.1 7534 type user 7535 type resource 7536 relations 7537 define a1: a2 7538 define a2: a3 7539 define a3: a4 7540 define a4: a5 7541 define a5: a6 7542 define a6: a7 7543 define a7: a8 7544 define a8: a9 7545 define a9: a10 7546 define a10: a11 7547 define a11: a12 7548 define a12: a13 7549 define a13: a14 7550 define a14: a15 7551 define a15: a16 7552 define a16: a17 7553 define a17: a18 7554 define a18: a19 7555 define a19: a20 7556 define a20: a21 7557 define a21: a22 7558 define a22: a23 7559 define a23: a24 7560 define a24: a25 7561 define a25: a26 7562 define a26: [user] 7563 define can_view: a1 and a1 7564 tuples: 7565 - object: resource:abc 7566 relation: a26 7567 user: user:maria 7568 checkAssertions: 7569 - tuple: 7570 object: resource:abc 7571 relation: can_view 7572 user: user:maria 7573 errorCode: 2002 7574 listObjectsAssertions: 7575 - request: 7576 type: resource 7577 relation: can_view 7578 user: user:maria 7579 errorCode: 2002 7580 - name: err_and_true_return_err 7581 stages: 7582 - model: | 7583 model 7584 schema 1.1 7585 type user 7586 type resource 7587 relations 7588 define a1: a2 7589 define a2: a3 7590 define a3: a4 7591 define a4: a5 7592 define a5: a6 7593 define a6: a7 7594 define a7: a8 7595 define a8: a9 7596 define a9: a10 7597 define a10: a11 7598 define a11: a12 7599 define a12: a13 7600 define a13: a14 7601 define a14: a15 7602 define a15: a16 7603 define a16: a17 7604 define a17: a18 7605 define a18: a19 7606 define a19: a20 7607 define a20: a21 7608 define a21: a22 7609 define a22: a23 7610 define a23: a24 7611 define a24: a25 7612 define a25: a26 7613 define a26: [user] 7614 define can_view: a1 and a26 7615 tuples: 7616 - object: resource:abc 7617 relation: a26 7618 user: user:maria 7619 checkAssertions: 7620 - tuple: 7621 object: resource:abc 7622 relation: can_view 7623 user: user:maria 7624 errorCode: 2002 7625 listObjectsAssertions: 7626 - request: 7627 type: resource 7628 relation: can_view 7629 user: user:maria 7630 errorCode: 2002 7631 - name: userset_defines_itself_1 7632 stages: 7633 - model: | 7634 model 7635 schema 1.1 7636 type user 7637 type document 7638 relations 7639 define viewer: [user] 7640 checkAssertions: 7641 - tuple: 7642 user: document:1#viewer 7643 relation: viewer 7644 object: document:1 7645 expectation: true 7646 - tuple: 7647 user: document:2#viewer 7648 relation: viewer 7649 object: document:1 7650 expectation: false 7651 listObjectsAssertions: 7652 - request: 7653 user: document:1#viewer 7654 type: document 7655 relation: viewer 7656 expectation: ["document:1"] 7657 listUsersAssertions: 7658 - request: 7659 filters: 7660 - document#viewer 7661 object: document:1 7662 relation: viewer 7663 expectation: 7664 - document:1#viewer 7665 - name: userset_defines_itself_2 7666 stages: 7667 - model: | 7668 model 7669 schema 1.1 7670 type user 7671 type document 7672 relations 7673 define viewer: editor or writer 7674 define editor: [user] 7675 define writer: [user] 7676 checkAssertions: 7677 - tuple: 7678 user: document:1#writer 7679 relation: viewer 7680 object: document:1 7681 expectation: true 7682 - tuple: 7683 user: document:1#editor 7684 relation: viewer 7685 object: document:1 7686 expectation: true 7687 - tuple: 7688 user: document:1#viewer 7689 relation: viewer 7690 object: document:1 7691 expectation: true 7692 listObjectsAssertions: 7693 - request: 7694 user: document:1#writer 7695 type: document 7696 relation: viewer 7697 expectation: ["document:1"] 7698 - request: 7699 user: document:1#editor 7700 type: document 7701 relation: viewer 7702 expectation: ["document:1"] 7703 - request: 7704 user: document:1#viewer 7705 type: document 7706 relation: viewer 7707 expectation: ["document:1"] 7708 listUsersAssertions: 7709 - request: 7710 filters: 7711 - document#writer 7712 object: document:1 7713 relation: viewer 7714 expectation: 7715 - document:1#writer 7716 - request: 7717 filters: 7718 - document#editor 7719 object: document:1 7720 relation: viewer 7721 expectation: 7722 - document:1#editor 7723 - request: 7724 filters: 7725 - document#viewer 7726 object: document:1 7727 relation: viewer 7728 expectation: 7729 - document:1#viewer 7730 - name: userset_defines_itself_3 7731 stages: 7732 - model: | 7733 model 7734 schema 1.1 7735 type user 7736 type document 7737 relations 7738 define writer: [user] 7739 define viewer: writer 7740 checkAssertions: 7741 - tuple: 7742 user: document:1#writer 7743 relation: viewer 7744 object: document:1 7745 expectation: true 7746 - tuple: 7747 user: document:1#viewer 7748 relation: viewer 7749 object: document:1 7750 expectation: true 7751 - tuple: 7752 user: document:1#viewer 7753 relation: writer 7754 object: document:1 7755 expectation: false 7756 listObjectsAssertions: 7757 - request: 7758 user: document:1#writer 7759 type: document 7760 relation: viewer 7761 expectation: ["document:1"] 7762 - request: 7763 user: document:1#viewer 7764 type: document 7765 relation: viewer 7766 expectation: ["document:1"] 7767 - request: 7768 user: document:1#viewer 7769 type: document 7770 relation: writer 7771 expectation: [] 7772 listUsersAssertions: 7773 - request: 7774 filters: 7775 - document#writer 7776 object: document:1 7777 relation: viewer 7778 expectation: 7779 - document:1#writer 7780 - request: 7781 filters: 7782 - document#viewer 7783 object: document:1 7784 relation: viewer 7785 expectation: 7786 - document:1#viewer 7787 - request: 7788 filters: 7789 - document#viewer 7790 object: document:1 7791 relation: writer 7792 expectation: 7793 - name: userset_defines_itself_4 7794 stages: 7795 - model: | 7796 model 7797 schema 1.1 7798 type user 7799 type folder 7800 relations 7801 define viewer: [user] 7802 type document 7803 relations 7804 define parent: [folder] 7805 define viewer: viewer from parent 7806 tuples: 7807 - user: folder:x 7808 relation: parent 7809 object: document:1 7810 checkAssertions: 7811 - tuple: 7812 user: folder:x#viewer 7813 relation: viewer 7814 object: document:1 7815 expectation: true 7816 - tuple: 7817 user: document:1#viewer 7818 relation: viewer 7819 object: document:1 7820 expectation: true 7821 listObjectsAssertions: 7822 - request: 7823 user: document:1#viewer 7824 type: document 7825 relation: viewer 7826 expectation: ["document:1"] 7827 - request: 7828 user: folder:x#viewer 7829 type: document 7830 relation: viewer 7831 expectation: ["document:1"] 7832 listUsersAssertions: 7833 - request: 7834 filters: 7835 - document#viewer 7836 object: document:1 7837 relation: viewer 7838 expectation: 7839 - document:1#viewer 7840 - request: 7841 filters: 7842 - folder#viewer 7843 object: folder:x 7844 relation: viewer 7845 expectation: 7846 - folder:x#viewer 7847 - name: userset_defines_itself_5 7848 stages: 7849 - model: | 7850 model 7851 schema 1.1 7852 type user 7853 type document 7854 relations 7855 define allowed: [user] 7856 define viewer: [user] and allowed 7857 checkAssertions: 7858 - tuple: 7859 user: document:1#viewer 7860 relation: allowed 7861 object: document:1 7862 expectation: false 7863 - tuple: 7864 user: document:1#allowed 7865 relation: viewer 7866 object: document:1 7867 expectation: false 7868 - tuple: 7869 user: document:1#viewer 7870 relation: viewer 7871 object: document:1 7872 expectation: true 7873 listObjectsAssertions: 7874 - request: 7875 user: document:1#allowed 7876 type: document 7877 relation: viewer 7878 expectation: [] 7879 - request: 7880 user: document:1#viewer 7881 type: document 7882 relation: allowed 7883 expectation: [] 7884 listUsersAssertions: 7885 - request: 7886 filters: 7887 - document#allowed 7888 object: document:1 7889 relation: viewer 7890 expectation: 7891 - request: 7892 filters: 7893 - document#viewer 7894 object: document:1 7895 relation: allowed 7896 expectation: 7897 - name: userset_defines_itself_6 7898 stages: 7899 - model: | 7900 model 7901 schema 1.1 7902 type user 7903 type document 7904 relations 7905 define restricted: [user] 7906 define viewer: [user] but not restricted 7907 checkAssertions: 7908 - tuple: 7909 user: document:1#viewer 7910 relation: restricted 7911 object: document:1 7912 expectation: false 7913 - tuple: 7914 user: document:1#restricted 7915 relation: viewer 7916 object: document:1 7917 expectation: false 7918 - tuple: 7919 user: document:1#viewer 7920 relation: viewer 7921 object: document:1 7922 expectation: true 7923 listObjectsAssertions: 7924 - request: 7925 user: document:1#viewer 7926 type: document 7927 relation: viewer 7928 expectation: ["document:1"] 7929 - request: 7930 user: document:1#restricted 7931 type: document 7932 relation: viewer 7933 expectation: [] 7934 - request: 7935 user: document:1#viewer 7936 type: document 7937 relation: restricted 7938 expectation: [] 7939 listUsersAssertions: 7940 - request: 7941 filters: 7942 - document#viewer 7943 object: document:1 7944 relation: viewer 7945 expectation: 7946 - document:1#viewer 7947 - request: 7948 filters: 7949 - document#viewer 7950 object: document:1 7951 relation: restricted 7952 expectation: 7953 - request: 7954 filters: 7955 - document#restricted 7956 object: document:1 7957 relation: viewer 7958 expectation: 7959 - name: userset_defines_itself_7 7960 stages: 7961 - model: | 7962 model 7963 schema 1.1 7964 type user 7965 type group 7966 relations 7967 define member: [user, group#member] but not blocked 7968 define blocked: [user, group#member] 7969 tuples: 7970 - user: group:1#member 7971 relation: blocked 7972 object: group:1 7973 - user: user:will 7974 relation: member 7975 object: group:1 7976 checkAssertions: 7977 - tuple: 7978 user: group:1#member 7979 relation: member 7980 object: group:1 7981 expectation: true 7982 listObjectsAssertions: 7983 - request: 7984 user: group:1#member 7985 type: group 7986 relation: member 7987 expectation: ["group:1"] 7988 listUsersAssertions: 7989 - request: 7990 filters: 7991 - group#member 7992 object: group:1 7993 relation: member 7994 expectation: 7995 - group:1#member 7996 - name: userset_defines_itself_8 7997 stages: 7998 - model: | 7999 model 8000 schema 1.1 8001 type user 8002 type document 8003 relations 8004 define writer: [user] 8005 define viewer: [user] or writer 8006 checkAssertions: 8007 - tuple: 8008 user: document:1#writer 8009 relation: viewer 8010 object: document:1 8011 expectation: true 8012 listObjectsAssertions: 8013 - request: 8014 user: document:1#writer 8015 type: document 8016 relation: viewer 8017 expectation: ["document:1"] 8018 listUsersAssertions: 8019 - request: 8020 filters: 8021 - document#writer 8022 object: document:1 8023 relation: viewer 8024 expectation: 8025 - document:1#writer 8026 - name: userset_defines_itself_9 8027 stages: 8028 - model: | 8029 model 8030 schema 1.1 8031 type user 8032 type group 8033 relations 8034 define member: [user] 8035 type document 8036 relations 8037 define blocked: [user] 8038 define viewer: [group#member] but not blocked 8039 tuples: 8040 - user: group:fga#member 8041 relation: viewer 8042 object: document:1 8043 - user: user:maria 8044 relation: blocked 8045 object: document:1 8046 checkAssertions: 8047 - tuple: 8048 user: group:fga#member 8049 relation: viewer 8050 object: document:1 8051 expectation: true # the group as a whole has access, but individual members may not 8052 listObjectsAssertions: 8053 - request: 8054 user: group:fga#member 8055 type: document 8056 relation: viewer 8057 expectation: [document:1] 8058 listUsersAssertions: 8059 - request: 8060 filters: 8061 - group#member 8062 object: document:1 8063 relation: viewer 8064 expectation: 8065 - group:fga#member 8066 - name: userset_defines_itself_10 8067 stages: 8068 - model: | 8069 model 8070 schema 1.1 8071 type user 8072 type doc 8073 relations 8074 define d: [user] 8075 define c: [user] 8076 define b: c or d 8077 define a: b 8078 checkAssertions: 8079 - tuple: 8080 user: doc:1#d 8081 relation: b 8082 object: doc:1 8083 expectation: true 8084 - tuple: 8085 user: doc:1#c 8086 relation: b 8087 object: doc:1 8088 expectation: true 8089 - tuple: 8090 user: doc:1#c 8091 relation: a 8092 object: doc:1 8093 expectation: true 8094 - tuple: 8095 user: doc:1#d 8096 relation: a 8097 object: doc:1 8098 expectation: true 8099 - tuple: 8100 user: doc:1#b 8101 relation: a 8102 object: doc:1 8103 expectation: true 8104 - tuple: 8105 user: doc:1#a 8106 relation: a 8107 object: doc:1 8108 expectation: true 8109 listObjectsAssertions: 8110 - request: 8111 user: doc:1#d 8112 type: doc 8113 relation: b 8114 expectation: [doc:1] 8115 - request: 8116 user: doc:1#c 8117 type: doc 8118 relation: b 8119 expectation: [doc:1] 8120 - request: 8121 user: doc:1#c 8122 type: doc 8123 relation: a 8124 expectation: [doc:1] 8125 - request: 8126 user: doc:1#d 8127 type: doc 8128 relation: a 8129 expectation: [doc:1] 8130 - request: 8131 user: doc:1#b 8132 type: doc 8133 relation: a 8134 expectation: [doc:1] 8135 listUsersAssertions: 8136 - request: 8137 filters: 8138 - doc#d 8139 object: doc:1 8140 relation: b 8141 expectation: 8142 - doc:1#d 8143 - request: 8144 filters: 8145 - doc#c 8146 object: doc:1 8147 relation: b 8148 expectation: 8149 - doc:1#c 8150 - request: 8151 filters: 8152 - doc#c 8153 object: doc:1 8154 relation: a 8155 expectation: 8156 - doc:1#c 8157 - request: 8158 filters: 8159 - doc#d 8160 object: doc:1 8161 relation: a 8162 expectation: 8163 - doc:1#d 8164 - request: 8165 filters: 8166 - doc#b 8167 object: doc:1 8168 relation: a 8169 expectation: 8170 - doc:1#b