Skip to content

Commit

Permalink
Merge pull request #290 from authzed/ecordell-patch-1
Browse files Browse the repository at this point in the history 
Update materialize doc with simpler SQL
  • Loading branch information
@ecordell
ecordell authored Dec 19, 2024
2 parents e1ac1e4 + 74865e6 commit 578a536
Showing 1 changed file with 26 additions and 32 deletions.
58 changes: 26 additions & 32 deletions pages/authzed/concepts/authzed-materialize.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ resource#edit@user

### Relational Database

You can find [here](https://dbfiddle.uk/OP5GwjoG) a runnable version of these examples
You can find a runnable version of these examples [here](https://dbfiddle.uk/dX10Cu3Z).

These are tables you likely already have in your database

Expand Down Expand Up @@ -162,22 +162,19 @@ Find all documents `evan` can `view:`

```sql
SELECT d.id FROM documents d
INNER JOIN set_to_set s2s ON d.id = s2s.parent_id
INNER JOIN member_to_set m2s ON m2s.set_id = s2s.child_id AND m2s.set_type = s2s.child_type AND m2s.set_relation = s2s.child_relation
LEFT JOIN set_to_set s2s ON d.id = s2s.parent_id
INNER JOIN member_to_set m2s ON (m2s.set_id = s2s.child_id AND m2s.set_type = s2s.child_type AND m2s.set_relation = s2s.child_relation) OR (d.id = m2s.set_id )
INNER JOIN users u ON u.id = m2s.member_id
WHERE u.name = 'evan'
AND m2s.member_type = 'user'
AND m2s.member_relation = ''
AND s2s.parent_type = 'document'
AND s2s.parent_relation='view'
UNION
SELECT d.id FROM documents d
INNER JOIN member_to_set m2s ON d.id = m2s.set_id
INNER JOIN users u ON u.id = m2s.member_id
WHERE u.name = 'evan'
AND m2s.member_type = 'user'
AND m2s.member_relation = ''
AND m2s.set_type = 'document' AND m2s.set_relation = 'view';
WHERE
u.name = 'evan' AND
m2s.member_type = 'user' AND
m2s.member_relation = '' AND ((
s2s.parent_type = 'document' AND
s2s.parent_relation='view'
) OR (
m2s.set_type = 'document' AND
m2s.set_relation = 'view'
));
```

| id |
Expand All @@ -189,22 +186,19 @@ The same query, by changing only the username, will find all documents `victor`

```sql
SELECT d.id FROM documents d
INNER JOIN set_to_set s2s ON d.id = s2s.parent_id
INNER JOIN member_to_set m2s ON m2s.set_id = s2s.child_id AND m2s.set_type = s2s.child_type AND m2s.set_relation = s2s.child_relation
INNER JOIN users u ON u.id = m2s.member_id
WHERE u.name = 'victor'
AND m2s.member_type = 'user'
AND m2s.member_relation = ''
AND s2s.parent_type = 'document'
AND s2s.parent_relation='view'
UNION
SELECT d.id FROM documents d
INNER JOIN member_to_set m2s ON d.id = m2s.set_id
LEFT JOIN set_to_set s2s ON d.id = s2s.parent_id
INNER JOIN member_to_set m2s ON (m2s.set_id = s2s.child_id AND m2s.set_type = s2s.child_type AND m2s.set_relation = s2s.child_relation) OR (d.id = m2s.set_id )
INNER JOIN users u ON u.id = m2s.member_id
WHERE u.name = 'victor'
AND m2s.member_type = 'user'
AND m2s.member_relation = ''
AND m2s.set_type = 'document' AND m2s.set_relation = 'view';
WHERE
u.name = 'victor' AND
m2s.member_type = 'user' AND
m2s.member_relation = '' AND ((
s2s.parent_type = 'document' AND
s2s.parent_relation='view'
) OR (
m2s.set_type = 'document' AND
m2s.set_relation = 'view'
));
```

| id |
Expand Down Expand Up @@ -243,7 +237,7 @@ INSERT INTO set_to_document_view (child_set, document_id)
('group:shared#member', '456');
```

Note that an extra entry (`document:123#view`, `123`) was added to simplify the join side (avoiding the union in the previous example).
Note that an extra entry (`document:123#view`, `123`) was added to simplify the join side (avoiding the `left join` in the previous example).
The queries are a bit simpler, though they can't be used to answer any permission check other than `document#view@user`.

Find all documents `evan` can `view`:
Expand Down

0 comments on commit 578a536

Please sign in to comment.