
open fga - Nested structure issue with OpenFGA - Stack Overflow


I am trying to implement something like this:

  1. At the bottom of a tree, we have an "Operation".
  2. One Operation can be multiple nested "Operations"
  3. Then comes the "Task"
  4. One task can have many nested "Tasks" as well as one or many "Operations"
  5. Then comes "Roles"
  6. One Role can have many nested "Roles", "Tasks" and "Operations"

I want to make sure the following:

group:group_1 isAllowed operation:role_1_1_task_1_task_1_op_1

group:group_4 isAllowed operation:role_1_1_task_1_task_1_op_1

Here is my DSL:

```
model
  schema 1.1

type group

type operation
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_operation or isAllowed from parent_task or isAllowed from parent_role
    define parent_operation: [operation]
    define parent_role: [role]
    define parent_task: [task]

type task
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or allowed_group from parent_task or isAllowed from parent_role
    define parent_role: [role]
    define parent_task: [task]

type role
  relations
    define allowed_group: [group]
    define isAllowed: allowed_group or isAllowed from parent_role
    define parent_role: [role]
```

Here are my tuples:

USER group:group_1
RELATION allowed_group
OBJECT role:role_1

USER role:role_1
RELATION parent_role
OBJECT operation:role_1_op_1

USER role:role_1
RELATION parent_role
OBJECT role:role_1_1

USER role:role_1_1
RELATION parent_role
OBJECT operation:role_1_1_op_1

USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_1

USER role:role_1_1
RELATION parent_role
OBJECT task:role_1_1_task_2

USER task:role_1_1_task_2
RELATION parent_task
OBJECT operation:role_1_1_task_2_op_1

USER task:role_1_1_task_1
RELATION parent_task
OBJECT task:role_1_1_task_1_task_1

USER task:role_1_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_op_1

USER group:group_2
RELATION allowed_group
OBJECT operation:role_1_op_1

USER group:group_7
RELATION allowed_group
OBJECT operation:role_1_1_op_1

USER group:group_8
RELATION allowed_group
OBJECT operation:role_1_1_task_2_op_1

USER group:group_3
RELATION allowed_group
OBJECT task:role_1_task_1

USER role:role_1
RELATION parent_role
OBJECT task:role_1_task_1

USER group:group_4
RELATION allowed_group
OBJECT role:role_1_1

USER group:group_5
RELATION allowed_group
OBJECT task:role_1_1_task_1

USER group:group_9
RELATION allowed_group
OBJECT operation:role_1_1_task_1_task_1_op_1

USER group:group_6
RELATION allowed_group
OBJECT task:role_1_1_task_2

USER task:role_1_1_task_1_task_1
RELATION parent_task
OBJECT operation:role_1_1_task_1_task_1_op_1

Here are my assertions so far:

USER group:group_4
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True

USER group:group_1
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True

USER group:group_2
RELATION isAllowed
OBJECT operation:role_1_1_task_1_op_1
ALLOWED False

USER group:group_5
RELATION isAllowed
OBJECT operation:role_1_1_task_1_task_1_op_1
ALLOWED True

USER group:group_6
RELATION isAllowed
OBJECT operation:role_1_1_task_2_op_1
ALLOWED True

USER group:group_7
RELATION isAllowed
OBJECT operation:role_1_1_op_1
ALLOWED True

It seems any nesting is not working. In my path, I have two nested tasks; that seems to be an issue.
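
The following is an added example, not part of the original question: a small Python evaluator (not OpenFGA itself) for the `or` and `X from Y` rewrites in the DSL above, run over a subset of the question's tuples. It compares the `task` relation as posted with a hypothetical variant that uses `isAllowed from parent_task`; the names `check`, `parents`, `build_model`, `AS_POSTED` and `RECURSIVE` are illustrative.

```python
# Added example: toy evaluator for "or" and "X from Y" rewrites (assumes acyclic parents).
TUPLES = {  # (user, relation, object), a subset of the tuples in the question
    ("group:group_1", "allowed_group", "role:role_1"),
    ("group:group_4", "allowed_group", "role:role_1_1"),
    ("group:group_5", "allowed_group", "task:role_1_1_task_1"),
    ("group:group_2", "allowed_group", "operation:role_1_op_1"),
    ("role:role_1", "parent_role", "role:role_1_1"),
    ("role:role_1_1", "parent_role", "task:role_1_1_task_1"),
    ("task:role_1_1_task_1", "parent_task", "task:role_1_1_task_1_task_1"),
    ("task:role_1_1_task_1", "parent_task", "operation:role_1_1_task_1_op_1"),
    ("task:role_1_1_task_1_task_1", "parent_task", "operation:role_1_1_task_1_task_1_op_1"),
}
DEEP_OP = "operation:role_1_1_task_1_task_1_op_1"

def build_model(task_parent_term):
    """A str term is a relation on the same object; (X, Y) means 'X from Y'."""
    return {
        "role": {"isAllowed": ["allowed_group", ("isAllowed", "parent_role")]},
        "task": {"isAllowed": ["allowed_group", task_parent_term,
                               ("isAllowed", "parent_role")]},
        "operation": {"isAllowed": ["allowed_group",
                                    ("allowed_group", "parent_operation"),
                                    ("isAllowed", "parent_task"),
                                    ("isAllowed", "parent_role")]},
    }

AS_POSTED = build_model(("allowed_group", "parent_task"))  # task rule from the question
RECURSIVE = build_model(("isAllowed", "parent_task"))      # hypothetical variant

def parents(obj, via):
    """Objects linked to obj through the tupleset relation `via`."""
    return [u for (u, r, o) in TUPLES if r == via and o == obj]

def check(model, user, relation, obj):
    rewrite = model[obj.split(":")[0]].get(relation)
    if rewrite is None:  # directly assignable relation: look for the tuple itself
        return (user, relation, obj) in TUPLES
    for term in rewrite:
        if isinstance(term, str):
            if check(model, user, term, obj):
                return True
        elif any(check(model, user, term[0], p) for p in parents(obj, term[1])):
            return True
    return False

if __name__ == "__main__":
    for name, m in (("as posted", AS_POSTED), ("recursive", RECURSIVE)):
        for g in ("group:group_1", "group:group_4", "group:group_5"):
            print(name, g, check(m, g, "isAllowed", DEEP_OP))
```

With the task rule as posted, `allowed_group from parent_task` inspects only the immediate parent task's direct `allowed_group` tuples, so `group_5` reaches the doubly nested operation while `group_1` and `group_4`, granted on roles above the outer task, do not.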
