feat: new page (querying data) #451
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
miparnisari
force-pushed
the
querying-data
branch
from
dbfe5f4 to
43776c8
Compare
miparnisari
force-pushed
the
querying-data
branch
from
43776c8 to
c66e7a4
Compare
|
|
||
| ## LookupResources | ||
|
|
||
| [`LookupResources`](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.LookupResources) is a good choice when you need to find all resources of a given type that a specific subject can access. It supports pagination and works well for moderate result sizes. |
There was a problem hiding this comment.
In the Protecting A List Endpoint page we say: "If the number of resources that a user has access to is sufficiently large and LookupResources can’t satisfy the use case anymore, another approach is to fetch a page of results and then call CheckBulkPermissions to determine which of the resources are accessible to the user."
This might contradict what's on this page
There was a problem hiding this comment.
hmmm i don't see how these pages are contradicting each other, can you elaborate?
There was a problem hiding this comment.
IMO for someone unfamiliar with the space these two sentences might cause confusion about which one to choose:
If the number of resources that a user has access to is sufficiently large and LookupResources can’t satisfy the use case anymore, another approach is to fetch a page of results and then call CheckBulkPermissions to determine which of the resources are accessible to the user.
[LookupResources](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.LookupResources) is a good choice when you need to find all resources of a given type that a specific subject can access. It supports cursoring and works well for moderate result sizes.
If you’re expecting more than ~10,000 results, this isn’t ideal.
and then
The options are listed from most preferred to least preferred in terms of performance,
where LS is after BullkCheck
There was a problem hiding this comment.
can you check now? i updated the link here:
If you’re expecting more than ~10,000 results, this isn't ideal. See [this](../modeling/protecting-a-list-endpoint#checking-with-checkbulkpermissions)
sohanmaheshwar
left a comment
sohanmaheshwar
left a comment
There was a problem hiding this comment.
Yay! this page is much needed. Added a couple of comments.
I think we need to align on the messaging across CheckBulkPermission and LookupResources . We've had mixed messaging out for this in the RAG usecases as well. Maybe Cormac can help us out with this
|
Deployment failed with the following error: View Documentation: https://vercel.com/docs/accounts/team-members-and-roles |
|
|
||
| When your schema uses caveats and you don't provide all the required context in the request parameters, the API will tell you that in the response that the result is "conditional" instead of simply denying or allowing, and it's up to you to inspect that result. | ||
|
|
||
| The `subject` of the query can be a single user (e.g. `user:maria`) or a set of users (e.g. `group:engineering#member`). |
There was a problem hiding this comment.
That's actually news to me 🤔
There was a problem hiding this comment.
yes, it works
miparnisari
force-pushed
the
querying-data
branch
from
cc48627 to
cfdda6d
Compare
|
|
||
| Receive: | ||
|
|
||
| - Yes/no (or a provisional response if missing caveat data) |
There was a problem hiding this comment.
provisional or conditional?
tstirrat15
force-pushed
the
querying-data
branch
2 times, most recently
from
1b74195 to
4ad5285
Compare
Co-authored-by: Maria Ines Parnisari <[email protected]>
tstirrat15
force-pushed
the
querying-data
branch
from
4ad5285 to
bc2daef
Compare
tstirrat15
force-pushed
the
querying-data
branch
from
bc2daef to
49113bb
Compare
Description
Closes #95