Packages

p

com.authzed.api.v1

permission_service

package permission_service

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. Protected

Type Members

  1. final case class CheckPermissionRequest(consistency: Option[Consistency] = _root_.scala.None, resource: Option[ObjectReference] = _root_.scala.None, permission: String = "", subject: Option[SubjectReference] = _root_.scala.None, context: Option[Struct] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[CheckPermissionRequest] with Product with Serializable

    CheckPermissionRequest issues a check on whether a subject has a permission or is a member of a relation, on a specific resource.

    CheckPermissionRequest issues a check on whether a subject has a permission or is a member of a relation, on a specific resource.

    resource

    resource is the resource on which to check the permission or relation.

    permission

    permission is the name of the permission (or relation) on which to execute the check.

    subject

    subject is the subject that will be checked for the permission or relation.

    context

    context consists of named values that are injected into the caveat evaluation context

    Annotations
    @SerialVersionUID()
  2. final case class CheckPermissionResponse(checkedAt: Option[ZedToken] = _root_.scala.None, permissionship: Permissionship = com.authzed.api.v1.permission_service.CheckPermissionResponse.Permissionship.PERMISSIONSHIP_UNSPECIFIED, partialCaveatInfo: Option[PartialCaveatInfo] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[CheckPermissionResponse] with Product with Serializable

    permissionship

    Permissionship communicates whether or not the subject has the requested permission or has a relationship with the given resource, over the given relation. This value will be authzed.api.v1.PERMISSIONSHIP_HAS_PERMISSION if the requested subject is a member of the computed permission set or there exists a relationship with the requested relation from the given resource to the given subject.

    partialCaveatInfo

    partial_caveat_info holds information of a partially-evaluated caveated response

    Annotations
    @SerialVersionUID()
  3. final case class Consistency(requirement: Requirement = com.authzed.api.v1.permission_service.Consistency.Requirement.Empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[Consistency] with Product with Serializable

    Consistency will define how a request is handled by the backend.

    Consistency will define how a request is handled by the backend. By defining a consistency requirement, and a token at which those requirements should be applied, where applicable.

    Annotations
    @SerialVersionUID()
  4. final case class DeleteRelationshipsRequest(relationshipFilter: Option[RelationshipFilter] = _root_.scala.None, optionalPreconditions: Seq[Precondition] = _root_.scala.Seq.empty, optionalLimit: Int = 0, optionalAllowPartialDeletions: Boolean = false, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[DeleteRelationshipsRequest] with Product with Serializable

    DeleteRelationshipsRequest specifies which Relationships should be deleted, requesting the delete of *ALL* relationships that match the specified filters.

    DeleteRelationshipsRequest specifies which Relationships should be deleted, requesting the delete of *ALL* relationships that match the specified filters. If the optional_preconditions parameter is included, all of the specified preconditions must also be satisfied before the delete will be executed.

    optionalPreconditions

    To be bounded by configuration

    optionalLimit

    optional_limit, if non-zero, specifies the limit on the number of relationships to be deleted. If there are more matching relationships found to be deleted than the limit specified here, the deletion call will fail with an error to prevent partial deletion. If partial deletion is needed, specify below that partial deletion is allowed. Partial deletions can be used in a loop to delete large amounts of relationships in a *non-transactional* manner.

    optionalAllowPartialDeletions

    optional_allow_partial_deletions, if true and a limit is specified, will delete matching found relationships up to the count specified in optional_limit, and no more.

    Annotations
    @SerialVersionUID()
  5. final case class DeleteRelationshipsResponse(deletedAt: Option[ZedToken] = _root_.scala.None, deletionProgress: DeletionProgress = com.authzed.api.v1.permission_service.DeleteRelationshipsResponse.DeletionProgress.DELETION_PROGRESS_UNSPECIFIED, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[DeleteRelationshipsResponse] with Product with Serializable

    deletedAt

    deleted_at is the revision at which the relationships were deleted.

    deletionProgress

    deletion_progress is an enumeration of the possible outcomes that occurred when attempting to delete the specified relationships.

    Annotations
    @SerialVersionUID()
  6. final case class ExpandPermissionTreeRequest(consistency: Option[Consistency] = _root_.scala.None, resource: Option[ObjectReference] = _root_.scala.None, permission: String = "", unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[ExpandPermissionTreeRequest] with Product with Serializable

    ExpandPermissionTreeRequest returns a tree representing the expansion of all relationships found accessible from a permission or relation on a particular resource.

    ExpandPermissionTreeRequest returns a tree representing the expansion of all relationships found accessible from a permission or relation on a particular resource.

    ExpandPermissionTreeRequest is typically used to determine the full set of subjects with a permission, along with the relationships that grant said access.

    resource

    resource is the resource over which to run the expansion.

    permission

    permission is the name of the permission or relation over which to run the expansion for the resource.

    Annotations
    @SerialVersionUID()
  7. final case class ExpandPermissionTreeResponse(expandedAt: Option[ZedToken] = _root_.scala.None, treeRoot: Option[PermissionRelationshipTree] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[ExpandPermissionTreeResponse] with Product with Serializable

    treeRoot

    tree_root is a tree structure whose leaf nodes are subjects, and intermediate nodes represent the various operations (union, intersection, exclusion) to reach those subjects.

    Annotations
    @SerialVersionUID()
  8. sealed abstract class LookupPermissionship extends GeneratedEnum

    LookupPermissionship represents whether a Lookup response was partially evaluated or not

  9. final case class LookupResourcesRequest(consistency: Option[Consistency] = _root_.scala.None, resourceObjectType: String = "", permission: String = "", subject: Option[SubjectReference] = _root_.scala.None, context: Option[Struct] = _root_.scala.None, optionalLimit: Int = 0, optionalCursor: Option[Cursor] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[LookupResourcesRequest] with Product with Serializable

    LookupResourcesRequest performs a lookup of all resources of a particular kind on which the subject has the specified permission or the relation in which the subject exists, streaming back the IDs of those resources.

    LookupResourcesRequest performs a lookup of all resources of a particular kind on which the subject has the specified permission or the relation in which the subject exists, streaming back the IDs of those resources.

    resourceObjectType

    resource_object_type is the type of resource object for which the IDs will be returned.

    permission

    permission is the name of the permission or relation for which the subject must Check.

    subject

    subject is the subject with access to the resources.

    context

    context consists of named values that are injected into the caveat evaluation context

    optionalLimit

    optional_limit, if non-zero, specifies the limit on the number of resources to return before the stream is closed on the server side. By default, the stream will continue resolving resources until exhausted or the stream is closed due to the client or a network issue.

    optionalCursor

    optional_cursor, if specified, indicates the cursor after which results should resume being returned. The cursor can be found on the LookupResourcesResponse object.

    Annotations
    @SerialVersionUID()
  10. final case class LookupResourcesResponse(lookedUpAt: Option[ZedToken] = _root_.scala.None, resourceObjectId: String = "", permissionship: LookupPermissionship = com.authzed.api.v1.permission_service.LookupPermissionship.LOOKUP_PERMISSIONSHIP_UNSPECIFIED, partialCaveatInfo: Option[PartialCaveatInfo] = _root_.scala.None, afterResultCursor: Option[Cursor] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[LookupResourcesResponse] with Product with Serializable

    LookupResourcesResponse contains a single matching resource object ID for the requested object type, permission, and subject.

    LookupResourcesResponse contains a single matching resource object ID for the requested object type, permission, and subject.

    lookedUpAt

    looked_up_at is the ZedToken at which the resource was found.

    resourceObjectId

    resource_object_id is the object ID of the found resource.

    permissionship

    permissionship indicates whether the response was partially evaluated or not

    partialCaveatInfo

    partial_caveat_info holds information of a partially-evaluated caveated response

    afterResultCursor

    after_result_cursor holds a cursor that can be used to resume the LookupResources stream after this result.

    Annotations
    @SerialVersionUID()
  11. final case class LookupSubjectsRequest(consistency: Option[Consistency] = _root_.scala.None, resource: Option[ObjectReference] = _root_.scala.None, permission: String = "", subjectObjectType: String = "", optionalSubjectRelation: String = "", context: Option[Struct] = _root_.scala.None, optionalConcreteLimit: Int = 0, optionalCursor: Option[Cursor] = _root_.scala.None, wildcardOption: WildcardOption = com.authzed.api.v1.permission_service.LookupSubjectsRequest.WildcardOption.WILDCARD_OPTION_UNSPECIFIED, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[LookupSubjectsRequest] with Product with Serializable

    LookupSubjectsRequest performs a lookup of all subjects of a particular kind for which the subject has the specified permission or the relation in which the subject exists, streaming back the IDs of those subjects.

    LookupSubjectsRequest performs a lookup of all subjects of a particular kind for which the subject has the specified permission or the relation in which the subject exists, streaming back the IDs of those subjects.

    resource

    resource is the resource for which all matching subjects for the permission or relation will be returned.

    permission

    permission is the name of the permission (or relation) for which to find the subjects.

    subjectObjectType

    subject_object_type is the type of subject object for which the IDs will be returned.

    optionalSubjectRelation

    optional_subject_relation is the optional relation for the subject.

    context

    context consists of named values that are injected into the caveat evaluation context

    optionalConcreteLimit

    optional_concrete_limit, if non-zero, specifies the limit on the number of *concrete* (non-wildcard) subjects to return before the stream is closed on the server side. With the default value of zero, the stream will continue resolving concrete subjects until exhausted or the stream is closed due to the client or a network issue. NOTE: Wildcard subjects ("*") have special treatment when cursors and limits are used. Because wildcards can apply to *any* concrete subjects, if a wildcard subject is found within the dataset, a wildcard subject can be returned for *all* LookupSubjects calls, regardless of the cursor or limit. For example, if wildcards are requested, a wildcard subject exists, there is a specified limit of 10 concrete subjects, and at least 10 concrete subjects exist, the API will return 11 subjects in total: the 10 concrete + the wildcard Furthermore, if a wildcard has a set of exclusions generated by the dataset, the exclusions *will respect the cursor* and only a *partial* set of exclusions will be returned for each invocation of the API. ***IT IS UP TO THE CALLER IN THIS CASE TO COMBINE THE EXCLUSIONS IF DESIRED***

    optionalCursor

    optional_cursor, if specified, indicates the cursor after which results should resume being returned. The cursor can be found on the LookupSubjectsResponse object. NOTE: See above for notes about how cursors interact with wildcard subjects.

    wildcardOption

    wildcard_option specifies whether wildcards should be returned by LookupSubjects. For backwards compatibility, defaults to WILDCARD_OPTION_INCLUDE_WILDCARDS if unspecified.

    Annotations
    @SerialVersionUID()
  12. final case class LookupSubjectsResponse(lookedUpAt: Option[ZedToken] = _root_.scala.None, subjectObjectId: String = "", excludedSubjectIds: Seq[String] = _root_.scala.Seq.empty, permissionship: LookupPermissionship = com.authzed.api.v1.permission_service.LookupPermissionship.LOOKUP_PERMISSIONSHIP_UNSPECIFIED, partialCaveatInfo: Option[PartialCaveatInfo] = _root_.scala.None, subject: Option[ResolvedSubject] = _root_.scala.None, excludedSubjects: Seq[ResolvedSubject] = _root_.scala.Seq.empty, afterResultCursor: Option[Cursor] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[LookupSubjectsResponse] with Product with Serializable

    LookupSubjectsResponse contains a single matching subject object ID for the requested subject object type on the permission or relation.

    LookupSubjectsResponse contains a single matching subject object ID for the requested subject object type on the permission or relation.

    subjectObjectId

    subject_object_id is the Object ID of the subject found. May be a * if a wildcard was found. deprecated: use subject

    excludedSubjectIds

    excluded_subject_ids are the Object IDs of the subjects excluded. This list will only contain object IDs if subject_object_id is a wildcard (*) and will only be populated if exclusions exist from the wildcard. deprecated: use excluded_subjects

    permissionship

    permissionship indicates whether the response was partially evaluated or not deprecated: use subject.permissionship

    partialCaveatInfo

    partial_caveat_info holds information of a partially-evaluated caveated response deprecated: use subject.partial_caveat_info

    subject

    subject is the subject found, along with its permissionship.

    excludedSubjects

    excluded_subjects are the subjects excluded. This list will only contain subjects if subject.subject_object_id is a wildcard (*) and will only be populated if exclusions exist from the wildcard.

    afterResultCursor

    after_result_cursor holds a cursor that can be used to resume the LookupSubjects stream after this result.

    Annotations
    @SerialVersionUID()
  13. trait PermissionsServiceFs2Grpc[F[_], A] extends AnyRef
  14. final case class Precondition(operation: Operation = com.authzed.api.v1.permission_service.Precondition.Operation.OPERATION_UNSPECIFIED, filter: Option[RelationshipFilter] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[Precondition] with Product with Serializable

    Precondition specifies how and the existence or absence of certain relationships as expressed through the accompanying filter should affect whether or not the operation proceeds.

    Precondition specifies how and the existence or absence of certain relationships as expressed through the accompanying filter should affect whether or not the operation proceeds.

    MUST_NOT_MATCH will fail the parent request if any relationships match the relationships filter. MUST_MATCH will fail the parent request if there are no relationships that match the filter.

    Annotations
    @SerialVersionUID()
  15. final case class ReadRelationshipsRequest(consistency: Option[Consistency] = _root_.scala.None, relationshipFilter: Option[RelationshipFilter] = _root_.scala.None, optionalLimit: Int = 0, optionalCursor: Option[Cursor] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[ReadRelationshipsRequest] with Product with Serializable

    ReadRelationshipsRequest specifies one or more filters used to read matching relationships within the system.

    ReadRelationshipsRequest specifies one or more filters used to read matching relationships within the system.

    relationshipFilter

    relationship_filter defines the filter to be applied to the relationships to be returned.

    optionalLimit

    optional_limit, if non-zero, specifies the limit on the number of relationships to return before the stream is closed on the server side. By default, the stream will continue resolving relationships until exhausted or the stream is closed due to the client or a network issue.

    optionalCursor

    optional_cursor, if specified, indicates the cursor after which results should resume being returned. The cursor can be found on the ReadRelationshipsResponse object.

    Annotations
    @SerialVersionUID()
  16. final case class ReadRelationshipsResponse(readAt: Option[ZedToken] = _root_.scala.None, relationship: Option[Relationship] = _root_.scala.None, afterResultCursor: Option[Cursor] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[ReadRelationshipsResponse] with Product with Serializable

    ReadRelationshipsResponse contains a Relationship found that matches the specified relationship filter(s).

    ReadRelationshipsResponse contains a Relationship found that matches the specified relationship filter(s). A instance of this response message will be streamed to the client for each relationship found.

    readAt

    read_at is the ZedToken at which the relationship was found.

    relationship

    relationship is the found relationship.

    afterResultCursor

    after_result_cursor holds a cursor that can be used to resume the ReadRelationships stream after this result.

    Annotations
    @SerialVersionUID()
  17. final case class RelationshipFilter(resourceType: String = "", optionalResourceId: String = "", optionalRelation: String = "", optionalSubjectFilter: Option[SubjectFilter] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[RelationshipFilter] with Product with Serializable

    RelationshipFilter is a collection of filters which when applied to a relationship will return relationships that have exactly matching fields.

    RelationshipFilter is a collection of filters which when applied to a relationship will return relationships that have exactly matching fields.

    resource_type is required. All other fields are optional and if left unspecified will not filter relationships.

    Annotations
    @SerialVersionUID()
  18. final case class ResolvedSubject(subjectObjectId: String = "", permissionship: LookupPermissionship = com.authzed.api.v1.permission_service.LookupPermissionship.LOOKUP_PERMISSIONSHIP_UNSPECIFIED, partialCaveatInfo: Option[PartialCaveatInfo] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[ResolvedSubject] with Product with Serializable

    ResolvedSubject is a single subject resolved within LookupSubjects.

    ResolvedSubject is a single subject resolved within LookupSubjects.

    subjectObjectId

    subject_object_id is the Object ID of the subject found. May be a * if a wildcard was found.

    permissionship

    permissionship indicates whether the response was partially evaluated or not

    partialCaveatInfo

    partial_caveat_info holds information of a partially-evaluated caveated response

    Annotations
    @SerialVersionUID()
  19. final case class SubjectFilter(subjectType: String = "", optionalSubjectId: String = "", optionalRelation: Option[RelationFilter] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[SubjectFilter] with Product with Serializable

    SubjectFilter specifies a filter on the subject of a relationship.

    SubjectFilter specifies a filter on the subject of a relationship.

    subject_type is required and all other fields are optional, and will not impose any additional requirements if left unspecified.

    Annotations
    @SerialVersionUID()
  20. final case class WriteRelationshipsRequest(updates: Seq[RelationshipUpdate] = _root_.scala.Seq.empty, optionalPreconditions: Seq[Precondition] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[WriteRelationshipsRequest] with Product with Serializable

    WriteRelationshipsRequest contains a list of Relationship mutations that should be applied to the service.

    WriteRelationshipsRequest contains a list of Relationship mutations that should be applied to the service. If the optional_preconditions parameter is included, all of the specified preconditions must also be satisfied before the write will be committed.

    optionalPreconditions

    To be bounded by configuration

    Annotations
    @SerialVersionUID()
  21. final case class WriteRelationshipsResponse(writtenAt: Option[ZedToken] = _root_.scala.None, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[WriteRelationshipsResponse] with Product with Serializable
    Annotations
    @SerialVersionUID()

Value Members

  1. object CheckPermissionRequest extends GeneratedMessageCompanion[CheckPermissionRequest]
  2. object CheckPermissionRequestValidator extends Validator[CheckPermissionRequest]
  3. object CheckPermissionResponse extends GeneratedMessageCompanion[CheckPermissionResponse]
  4. object CheckPermissionResponseValidator extends Validator[CheckPermissionResponse]
  5. object Consistency extends GeneratedMessageCompanion[Consistency]
  6. object ConsistencyValidator extends Validator[Consistency]
  7. object DeleteRelationshipsRequest extends GeneratedMessageCompanion[DeleteRelationshipsRequest]
  8. object DeleteRelationshipsRequestValidator extends Validator[DeleteRelationshipsRequest]
  9. object DeleteRelationshipsResponse extends GeneratedMessageCompanion[DeleteRelationshipsResponse]
  10. object DeleteRelationshipsResponseValidator extends Validator[DeleteRelationshipsResponse]
  11. object ExpandPermissionTreeRequest extends GeneratedMessageCompanion[ExpandPermissionTreeRequest]
  12. object ExpandPermissionTreeRequestValidator extends Validator[ExpandPermissionTreeRequest]
  13. object ExpandPermissionTreeResponse extends GeneratedMessageCompanion[ExpandPermissionTreeResponse]
  14. object ExpandPermissionTreeResponseValidator extends Validator[ExpandPermissionTreeResponse]
  15. object LookupPermissionship extends GeneratedEnumCompanion[LookupPermissionship]
  16. object LookupResourcesRequest extends GeneratedMessageCompanion[LookupResourcesRequest]
  17. object LookupResourcesRequestValidator extends Validator[LookupResourcesRequest]
  18. object LookupResourcesResponse extends GeneratedMessageCompanion[LookupResourcesResponse]
  19. object LookupResourcesResponseValidator extends Validator[LookupResourcesResponse]
  20. object LookupSubjectsRequest extends GeneratedMessageCompanion[LookupSubjectsRequest]
  21. object LookupSubjectsRequestValidator extends Validator[LookupSubjectsRequest]
  22. object LookupSubjectsResponse extends GeneratedMessageCompanion[LookupSubjectsResponse]
  23. object LookupSubjectsResponseValidator extends Validator[LookupSubjectsResponse]
  24. object PermissionServiceProto extends GeneratedFileObject
  25. object PermissionsServiceFs2Grpc extends GeneratedCompanion[PermissionsServiceFs2Grpc]
  26. object PermissionsServiceGrpc
  27. object Precondition extends GeneratedMessageCompanion[Precondition]
  28. object PreconditionValidator extends Validator[Precondition]
  29. object ReadRelationshipsRequest extends GeneratedMessageCompanion[ReadRelationshipsRequest]
  30. object ReadRelationshipsRequestValidator extends Validator[ReadRelationshipsRequest]
  31. object ReadRelationshipsResponse extends GeneratedMessageCompanion[ReadRelationshipsResponse]
  32. object ReadRelationshipsResponseValidator extends Validator[ReadRelationshipsResponse]
  33. object RelationshipFilter extends GeneratedMessageCompanion[RelationshipFilter]
  34. object RelationshipFilterValidator extends Validator[RelationshipFilter]
  35. object ResolvedSubject extends GeneratedMessageCompanion[ResolvedSubject]
  36. object ResolvedSubjectValidator extends Validator[ResolvedSubject]
  37. object SubjectFilter extends GeneratedMessageCompanion[SubjectFilter]
  38. object SubjectFilterValidator extends Validator[SubjectFilter]
  39. object WriteRelationshipsRequest extends GeneratedMessageCompanion[WriteRelationshipsRequest]
  40. object WriteRelationshipsRequestValidator extends Validator[WriteRelationshipsRequest]
  41. object WriteRelationshipsResponse extends GeneratedMessageCompanion[WriteRelationshipsResponse]
  42. object WriteRelationshipsResponseValidator extends Validator[WriteRelationshipsResponse]

Ungrouped