openfga/community

Allow API to crawl data without IDs

geoffroybraun opened this issue · 0 comments

Hi there,

Recently, we had a ubiquitous language update which forced us to make our authorization model evolve. Nothing difficult so far. But this also forces us to migrate our data, changing from one type to another. Unfortunately, the API does not allow crawling data without providing IDs.

The idea here is to be able to call the read endpoint (/stores/{store_id}/read) without providing IDs (we would still be able to provide both page_size and continuation_token if required).

Here's an example of such a call:

{
  "tuple_key": {
    "user": "user:",
    "relation": "reader",
    "object": "document:"
  }
}

The fact that we provide neither a user ID nor a document one would mean we want to look for ALL relations involving users having a reader relation with any document.

The response would still be the same format:

{
  "tuples": [
    {
      "key": {
        "user": "user:john",
        "relation": "reader",
        "object": "document:2021-budget"
      },
      "timestamp": "2021-10-06T15:32:11.128Z"
    },
    {
      "key": {
        "user": "user:john",
        "relation": "reader",
        "object": "document:2022-budget"
      },
      "timestamp": "2021-10-06T15:32:11.128Z"
    },
    {
      "key": {
        "user": "user:jane",
        "relation": "reader",
        "object": "document:2022-budget"
      },
      "timestamp": "2021-10-06T15:32:11.128Z"
    },
    {
      "key": {
        "user": "user:jane",
        "relation": "reader",
        "object": "document:2023-budget"
      },
      "timestamp": "2021-10-06T15:32:11.128Z"
    }
  ],
  "continuation_token": "eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ=="
}

The response above shows that we have 2 users (John and Jane) having relations with 3 documents: 2021-budget, 2022-budget and 2023-budget. I don't have any opinion on how data should be ordered before being returned; the current logic can remain the same.

I am aware that this may have an impact on OpenFGA performance, but without such a behavior, we would not be able to update our data without directly querying the database (which is definitely something we do not want to do).

Please let me know if you need further information, cheers!
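
Added example (not part of the original issue and not OpenFGA code): a client-side sketch of the matching the issue asks for, where a `type:` value with no ID matches every tuple of that type, applied while following continuation tokens and then turned into a delete/write plan for the type migration. It does not call the OpenFGA API; `fake_read`, `field_matches`, `crawl`, `plan_migration`, the extra non-matching tuples and the target type `file` are all assumptions made for illustration.

```python
from typing import Callable, Iterator, Optional

# Constructed sample store: the four tuples from the response above plus two
# that must not match the filter (different relation, different object type).
STORE = [
    {"user": "user:john", "relation": "reader", "object": "document:2021-budget"},
    {"user": "user:john", "relation": "reader", "object": "document:2022-budget"},
    {"user": "user:jane", "relation": "reader", "object": "document:2022-budget"},
    {"user": "user:jane", "relation": "writer", "object": "document:2022-budget"},
    {"user": "user:jane", "relation": "reader", "object": "document:2023-budget"},
    {"user": "user:jane", "relation": "reader", "object": "folder:finance"},
]

def fake_read(page_size: int, token: Optional[str]) -> dict:
    """Hypothetical stand-in for an unfiltered, paginated read of the store."""
    start = int(token or 0)
    end = start + page_size
    return {"tuples": [{"key": k} for k in STORE[start:end]],
            "continuation_token": str(end) if end < len(STORE) else ""}

def field_matches(pattern: str, value: str) -> bool:
    """'type:' (no ID) matches every value of that type; 'type:id' is exact."""
    return value.startswith(pattern) if pattern.endswith(":") else value == pattern

def crawl(read: Callable[[int, Optional[str]], dict], flt: dict,
          page_size: int = 2) -> Iterator[dict]:
    """Follow continuation tokens to the end, yielding keys that match flt."""
    token = None
    while True:
        page = read(page_size, token)
        for t in page["tuples"]:
            k = t["key"]
            if (k["relation"] == flt["relation"]
                    and field_matches(flt["user"], k["user"])
                    and field_matches(flt["object"], k["object"])):
                yield k
        token = page.get("continuation_token")
        if not token:
            return

def plan_migration(keys, old_type: str, new_type: str) -> dict:
    """Build the deletes and writes that move objects from old_type to new_type."""
    keys = list(keys)
    writes = [{**k, "object": new_type + k["object"][len(old_type):]} for k in keys]
    return {"deletes": keys, "writes": writes}

FILTER = {"user": "user:", "relation": "reader", "object": "document:"}
PLAN = plan_migration(crawl(fake_read, FILTER), "document:", "file:")
```

The plan keeps deletes and writes paired per tuple, so a migration can be applied and audited in batches rather than by editing the database directly.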