[BUG] Entity lookup does not take into consideration recursive permissions if the permission is based on attributes #2745

@mezakos

Describe the bug
Entity lookup does not take into consideration recursive permissions if the permission is based on attributes

To Reproduce
Use the following data:

schema: |-
  entity user {}

  entity resource {
      relation parent @resource
      relation creator @user

      attribute is_public boolean

      permission view = is_public or parent.view
  }
relationships:
  - resource:r1#parent@resource:default
  - resource:r1#creator@user:u1
attributes:
  - resource:default$is_public|boolean:true

Call:

curl --request POST \
  --url http://localhost:3476/v1/tenants/t1/permissions/lookup-entity \
  --header 'content-type: application/json' \
  --data '{
  "metadata":{
    "snap_token": "",
    "schema_version": "",
    "depth": 20
  },
  "entity_type": "resource",
  "permission": "view",
  "subject": {
    "type":"user",
    "id":"u1"
  },
  "page_size": 20,
  "continuous_token": ""
}'

Expected behavior
Returned entity ids should be ["default", "r1"]
Actual: ["default"]

Environment (please complete the following information, because it helps us investigate better):

  • docker
  • Version 1.6.2
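
The expected result above can be derived without the server. The following is an added example, not part of the original issue and not Permify's code: a small reference evaluator for the issue's `view = is_public or parent.view` rule over the issue's data, usable as an oracle when comparing lookup output against per-entity checks. The function names and the depth-budget semantics are assumptions made for illustration.

```python
# Reference evaluation of the issue's schema:
#   permission view = is_public or parent.view
# Data below is copied from the issue's relationships/attributes.
RELATIONSHIPS = [
    # (entity_type, entity_id, relation, subject_type, subject_id)
    ("resource", "r1", "parent", "resource", "default"),
    ("resource", "r1", "creator", "user", "u1"),
]
ATTRIBUTES = {("resource", "default", "is_public"): True}


def parents(entity_id):
    """Resources reachable from entity_id over the `parent` relation."""
    return [sid for (et, eid, rel, st, sid) in RELATIONSHIPS
            if (et, eid, rel, st) == ("resource", entity_id, "parent", "resource")]


def can_view(entity_id, depth=20, seen=frozenset()):
    """Evaluate `is_public or parent.view` for one resource.

    The subject is not a parameter: no term of `view` references the user.
    depth is a hypothetical recursion budget; seen guards against cycles.
    """
    if depth <= 0 or entity_id in seen:
        return False
    if ATTRIBUTES.get(("resource", entity_id, "is_public"), False):
        return True  # attribute branch grants directly
    # recursive branch: any parent that grants view also grants it here
    return any(can_view(p, depth - 1, seen | {entity_id})
               for p in parents(entity_id))


def known_resources():
    """Every resource id mentioned in relationships or attributes."""
    ids = {eid for (et, eid, *_rest) in RELATIONSHIPS if et == "resource"}
    ids |= {sid for (*_head, st, sid) in RELATIONSHIPS if st == "resource"}
    ids |= {eid for (et, eid, _attr) in ATTRIBUTES if et == "resource"}
    return ids


def lookup_entity(depth=20):
    """Oracle for lookup: all resources for which the per-entity check passes."""
    return sorted(e for e in known_resources() if can_view(e, depth))


if __name__ == "__main__":
    print(lookup_entity())
```

A lookup result that is a strict subset of this oracle's output means the lookup path is missing entities that a direct check would allow.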
