From 91d9a4e7aa96c9db1286a350f286ac2d72a08449 Mon Sep 17 00:00:00 2001 From: John Schaeffer Date: Thu, 22 Aug 2024 14:44:53 -0400 Subject: [PATCH] Use CRDB instead of SpiceDB for getting role resource (#280) Roles created with no actions are not able to be retrieved or deleted in permissions-api as a result of fetching the role's resource ID from SpiceDB rather than CRDB. This commit updates the storage engine to use CRDB instead. Signed-off-by: John Schaeffer --- internal/query/relations.go | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/internal/query/relations.go b/internal/query/relations.go index ed965c8a..c9a7a174 100644 --- a/internal/query/relations.go +++ b/internal/query/relations.go @@ -1010,33 +1010,12 @@ func (e *engine) GetRole(ctx context.Context, roleResource types.Resource) (type // GetRoleResource gets the role's assigned resource. func (e *engine) GetRoleResource(ctx context.Context, roleResource types.Resource) (types.Resource, error) { - var ( - resActions map[types.Resource][]string - err error - ) - - for _, resType := range e.schemaRoleables { - resActions, err = e.listRoleResourceActions(ctx, roleResource, resType.Name) - if err != nil { - return types.Resource{}, err - } - - // roles are only ever created for a single resource, so we can break after the first one is found. - if len(resActions) != 0 { - break - } - } - - if len(resActions) > 1 { - return types.Resource{}, ErrRoleHasTooManyResources - } - - // returns the first resources actions. - for resource := range resActions { - return resource, nil + dbRole, err := e.store.GetRoleByID(ctx, roleResource.ID) + if err != nil { + return types.Resource{}, err } - return types.Resource{}, ErrRoleNotFound + return e.NewResourceFromID(dbRole.ResourceID) } // DeleteRole removes all role actions from the assigned resource.