Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] - Context data type mismatch in access check request #1815

Open
santinogue opened this issue Nov 29, 2024 · 2 comments
Open

[BUG] - Context data type mismatch in access check request #1815

santinogue opened this issue Nov 29, 2024 · 2 comments
Assignees
Labels
bug Someting isn't working

Comments

@santinogue
Copy link

Describe the bug
When sending an access check request for an specific action, using context data, the request fails with the following error:

proto: mismatched message type: got "base.v1.BooleanValue", want "base.v1.IntegerValue"

The error occurs even though the provided context data is of type integer, as required by the definition of the rule in the schema.

Steps to reproduce the behavior:

Having this schema:

entity user {}

entity plan {
    attribute maps_available integer

    relation subscriber @user

    action create_maps = subscriber and valid_map_quota(maps_available)
}

rule valid_map_quota(maps_available integer) {
    context.data.maps_count < maps_available
}

Add the following tuple to the database:

{
    "tuples": [
        {
            "entity": {
                "type": "plan",
                "id": "1"
            },
            "relation": "subscriber",
            "subject": {
                "type": "user",
                "id": "1",
                "relation": ""
            }
        }
    ]
}

Send this access check request:

curl --location 'localhost:3476/v1/tenants/t1/permissions/check' \
--header 'Content-Type: application/json' \
--data '{
  "metadata": {
    "depth": 2000
  },
  "entity": {
    "type": "plan",
    "id": "1"
  },
  "permission": "create_maps",
  "subject": {
    "type": "user",
    "id": "1",
    "relation": ""
  },
  "context": {
    "data": {
        "maps_count": 0
    }
  }
}'

Observe the response:

{
    "code": 13,
    "message": "proto: mismatched message type: got \"base.v1.BooleanValue\", want \"base.v1.IntegerValue\"",
    "details": []
}

Example Application
Currently, no standalone example application is available, but the steps above can be replicated using the schema and database configuration provided.

Expected behavior
The access check request should successfully evaluate the valid_map_quota rule using the provided context.data.maps_count value and return a BooleanValue indicating whether the create_maps action is permitted.

Additional context
The error indicates a type mismatch between the maps_count value in the request and the expected type in the valid_map_quota rule.
The maps_count value in the request context is an integer (0), which aligns with the schema definition (integer). The source of the mismatch is unclear.

Environment
Permify Version: v1.2.3

@santinogue santinogue added the bug Someting isn't working label Nov 29, 2024
@tolgaOzen
Copy link
Member

Hi @santinogue ,

I ran a test using Permify v1.2.3, and I did not encounter the issue you mentioned. Could I have missed something? Below are the steps I followed:

  1. Schema Creation:

I created a schema using the following request to http://localhost:3476/v1/tenants/test/schemas/write:

{
    "schema": "entity user {}\n\nentity plan {\n    attribute maps_available integer\n\n    relation subscriber @user\n\n    action create_maps = subscriber and valid_map_quota(maps_available)\n}\n\nrule valid_map_quota(maps_available integer) {\n    context.data.maps_count < maps_available\n}"
}
  1. Data Creation:

I then created data using the following request to http://localhost:3476/v1/tenants/test/data/write:

{
    "metadata": {
        "schema_version": "ct5eg5d8sam5prq81e10"
    },
    "tuples": [
        {
            "entity": {
                "type": "plan",
                "id": "1"
            },
            "relation": "subscriber",
            "subject": {
                "type": "user",
                "id": "1",
                "relation": ""
            }
        }
    ],
    "attributes": [
        {
            "entity": {
                "type": "plan",
                "id": "1"
            },
            "attribute": "maps_available",
            "value": {
                "@type": "type.googleapis.com/base.v1.IntegerValue",
                "data": 3
            }
        }
    ]
}
  1. Permission Check:

Finally, I performed a permission check with this request to http://localhost:3476/v1/tenants/test/permissions/check:

{
    "metadata": {
        "snap_token": "",
        "schema_version": "ct5eg5d8sam5prq81e10",
        "depth": 100
    },
    "entity": {
        "type": "plan",
        "id": "1"
    },
    "permission": "create_maps",
    "subject": {
        "type": "user",
        "id": "1"
    },
    "context": {
        "data": {
            "maps_count": 0
        }
    }
}
  1. Response:

The response I received was:

{
    "can": "CHECK_RESULT_ALLOWED",
    "metadata": {
        "check_count": 1
    }
}

@tolgaOzen
Copy link
Member

Hello @santinogue, is there any update? Were you able to test it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Someting isn't working
Projects
None yet
Development

No branches or pull requests

3 participants