package main

import (

"github.com/coder/coder/v2/coderd/database/spice/policy/playground/relationships"

"gopkg.in/yaml.v3"

"github.com/coder/coder/v2/coderd/database/spice/policy"

)

type PlaygroundYAML struct {

Schema string `yaml:"schema"`

Relationships string `yaml:"relationships"`

Assertions struct {

True []string `yaml:"assertTrue"`

False []string `yaml:"assertFalse"`

} `yaml:"assertions"`

Validation map[string][]string `yaml:"validation"`

}

func PlaygroundExport() string {

relationships.GenerateRelationships()

y := PlaygroundYAML{

Schema: policy.Schema,

Relationships: relationships.AllRelationsToStrings(),

}

out, err := yaml.Marshal(y)

if err != nil {

panic(err)

}

return string(out)

}

package main

import (

"fmt"

"os"

)

func main() {

if len(os.Args) <= 1 {

usage()

return

}

switch os.Args[1] {

case "export":

fmt.Println(PlaygroundExport())

default:

usage()

}

}

func usage() {

fmt.Println("Usage: policycmd [command]")

fmt.Println("Commands:")

fmt.Println(" export")

fmt.Println(" import")

fmt.Println(" playground")

fmt.Println(" run")

fmt.Println(" test")

}

package main

import (

_ "embed"

"fmt"

"go/format"

"strings"

"text/template"

v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"

core "github.com/authzed/spicedb/pkg/proto/core/v1"

"github.com/authzed/spicedb/pkg/schemadsl/compiler"

"github.com/coder/coder/v2/coderd/database/spice/policy"

)

var templateText string

func main() {

fmt.Println(Generate())

}

func capitalize(name string) string {

return strings.ToUpper(string(name[0])) + name[1:]

}

func Generate() string {

var prefix string

compiled, err := compiler.Compile(compiler.InputSchema{

Source: "policy.zed",

SchemaString: policy.Schema,

}, &prefix)

if err != nil {

panic(err)

}

tpl := template.New("zanzobjects").Funcs(template.FuncMap{

"capitalize": capitalize,

})

tpl, err = tpl.Parse(templateText)

if err != nil {

panic(err)

}

var output strings.Builder

output.WriteString(`package relationships`)

output.WriteString("\n")

output.WriteString(`import v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"`)

output.WriteString("\n")

for _, obj := range compiled.ObjectDefinitions {

d := newDef(obj)

var _ = d

err := tpl.Execute(&output, d)

if err != nil {

panic(err)

}

output.WriteString("\n")

}

formatted, err := format.Source([]byte(output.String()))

if err != nil {

panic(err)

}

return string(formatted)

}

type objectDefinition struct {

// The core type

*core.NamespaceDefinition

DirectRelations []objectDirectRelation

}

type objectDirectRelation struct {

RelationName string

FunctionName string

Subject v1.SubjectReference

}

func newDef(obj *core.NamespaceDefinition) objectDefinition {

d := objectDefinition{

NamespaceDefinition: obj,

}

rels := make([]objectDirectRelation, 0)

//if obj.Name == "group" {

// fmt.Println("")

//}

for _, r := range obj.Relation {

if r.UsersetRewrite != nil {

// This is a permission.

continue

}

dedup := 0

multipleSubjects := make([]objectDirectRelation, 0)

// For the "relation" we should write a helper function to create

// this relationship between two objects.

for _, d := range r.TypeInformation.AllowedDirectRelations {

optRel := ""

if d.GetRelation() != "..." {

optRel = d.GetRelation()

}

if d.GetPublicWildcard() != nil {

multipleSubjects = append(multipleSubjects, objectDirectRelation{

RelationName: r.Name,

FunctionName: r.Name,

Subject: v1.SubjectReference{

Object: &v1.ObjectReference{

ObjectType: d.Namespace,

ObjectId: "*",

},

OptionalRelation: optRel,

},

})

continue

}

dedup++

multipleSubjects = append(multipleSubjects, objectDirectRelation{

RelationName: r.Name,

FunctionName: r.Name,

Subject: v1.SubjectReference{

Object: &v1.ObjectReference{

ObjectType: d.Namespace,

ObjectId: "<id>",

},

OptionalRelation: optRel,

},

})

}

if dedup > 1 {

for i := range multipleSubjects {

// Remove method name conflicts

multipleSubjects[i].FunctionName += capitalize(multipleSubjects[i].Subject.Object.ObjectType)

}

}

rels = append(rels, multipleSubjects...)

}

d.DirectRelations = rels

return d

}

package main_test

import (

"fmt"

"testing"

v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"

"github.com/authzed/spicedb/pkg/tuple"

)

func TestString(t *testing.T) {

rel := v1.Relationship{

Resource: &v1.ObjectReference{

ObjectType: "group",

ObjectId: "everyone",

},

Relation: "member",

Subject: &v1.SubjectReference{

Object: &v1.ObjectReference{

ObjectType: "user",

ObjectId: "*",

},

},

OptionalCaveat: nil,

}

fmt.Println(tuple.MustRelString(&rel))

}

type Obj{{ capitalize .Name }} struct {

Obj *v1.ObjectReference

*Relationships

}

func {{ capitalize .Name }}(id string) *Obj{{ capitalize .Name }} {

o := &Obj{{ capitalize .Name }}{

Obj: &v1.ObjectReference{

ObjectType: "{{ .Name }}",

ObjectId: id,

},

Relationships: NewRelationships(),

}

allObjects = append(allObjects, o)

return o

}

{{ $outerName := .Name }}

func (obj *Obj{{ capitalize $outerName }}) Type() string {

return "{{ .Name }}"

}

{{ range $index, $element := .DirectRelations }}

{{ if eq $element.Subject.Object.ObjectId "*" }}

func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.RelationName }}Wildcard() *Obj{{ capitalize $outerName }}{

obj.Add(v1.Relationship{

Resource: obj.Obj,

Relation: "{{ $element.RelationName }}",

Subject: &v1.SubjectReference{

Object: &v1.ObjectReference {

ObjectType: "{{ $element.Subject.Object.ObjectType }}",

ObjectId: "*",

},

OptionalRelation: "{{ $element.Subject.OptionalRelation }}",

},

OptionalCaveat: nil,

})

return obj

}

{{ else }}

func (obj *Obj{{ capitalize $outerName }}) {{ capitalize $element.FunctionName }}(subs ...*Obj{{ capitalize $element.Subject.Object.ObjectType }}) *Obj{{ capitalize $outerName }}{

for i := range subs {

sub := subs[i]

obj.Add(v1.Relationship{

Resource: obj.Obj,

Relation: "{{ $element.RelationName }}",

Subject: &v1.SubjectReference{

Object: sub.Obj,

OptionalRelation: "{{ $element.Subject.OptionalRelation }}",

},

OptionalCaveat: nil,

})

}

return obj

}

{{ end }}

{{ end }}

package relationships

import (

"fmt"

"sort"

"strings"

v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"

"github.com/authzed/spicedb/pkg/tuple"

)

func NewRelationships() *Relationships {

return &Relationships{

Relations: []v1.Relationship{},

}

}

type Relationships struct {

Relations []v1.Relationship

}

func (r *Relationships) AddRelation(relationship v1.Relationship) {

r.Relations = append(r.Relations, relationship)

}

func (r Relationships) AllRelations() []v1.Relationship {

return r.Relations

}

type ObjectWithRelationships interface {

AllRelations() []v1.Relationship

Type() string

}

var allObjects []ObjectWithRelationships

func AllRelationsToStrings() string {

// group all the objects

buckets := make(map[string][]ObjectWithRelationships)

bucketKeys := make([]string, 0)

for _, o := range allObjects {

o := o

if _, ok := buckets[o.Type()]; !ok {

bucketKeys = append(bucketKeys, o.Type())

}

buckets[o.Type()] = append(buckets[o.Type()], o)

}

var allStrings []string

sort.Strings(bucketKeys)

for _, bucketKey := range bucketKeys {

bucket := buckets[bucketKey]

allStrings = append(allStrings, "// All "+bucket[0].Type()+"s")

for _, o := range bucket {

for _, r := range o.AllRelations() {

r := r

rStr, err := tuple.StringRelationship(&r)

if err != nil {

panic(err)

}

allStrings = append(allStrings, rStr)

}

}

}

return strings.Join(allStrings, "\n")

}

func WorkspaceWithDeps(id string) *ObjWorkspace {

workspace := Workspace(id)

build := Workspace_build(fmt.Sprintf("%s/build", id)).

Workspace(workspace)

agent := Workspace_agent(fmt.Sprintf("%s/agent", id)).

Workspace(workspace)

app := Worspace_app(fmt.Sprintf("%s/app", id)).

Workspace(workspace)

resources := Workspace_resources(fmt.Sprintf("%s/resources", id)).

Workspace(workspace)

var _, _, _, _ = build, agent, app, resources

return workspace

}

func (obj *ObjTemplate) Version(id string) *ObjTemplate_version {

// This "/" syntax is not required. We usually use uuids, but strings

// are easier to read, and this helps us intuitively see relations.

return Template_version(fmt.Sprintf("%s/%s", obj.Obj.ObjectId, id)).

Template(obj)

}