Recursion limit #341
Description
Describe the bug
Is there (supposed to be) a limit on the levels of recursion when listing relationship based permissions?
I wasn't able to find anything in the documentation about this, one level down (e.g. tenant > partner) listing relationships works, but two or multiple levels down (e.g. tenant > partner > customer) rarely works at all
To Reproduce
{
"type": "user",
"relations": {}
},
{
"type": "tenant",
"relations": {
"admin": {},
}
},
{
"type": "partner",
"relations": {
"parent": {},
"member": {
"inheritIf": "admin",
"withRelation": "parent",
"ofType": "tenant"
}
}
},
{
"type": "account",
"relations": {
"owner": {},
"member": {
"inheritIf": "member",
"withRelation": "owner",
"ofType": "partner"
}
}
}
Objects:
| Type | Name | Relations |
|---|---|---|
| User | stephen | admin->tenant:test |
| Tenant | test | - |
| Partner | testpart | parent->tenant:test |
| Account | customer1 | owner->partner:testpart |
Expected result: stephen gets the member role on the partner object testpart
Actual result (check user:stephen member partner:testpart): True
Actual result (select partner where user:stephen is member): partner:testpart
But when adding another level of relationships, the list results start showing up empty:
Expected result: stephen has the member role on the account object customer1
Actual result (check user:stephen member account:customer1): True
Actual result (select account where user:stephen is member): empty
So the checks still report the correct result, but they're not showing in the listing
Expected behavior
With the explicit flag is not set, one would assume the account should show up in the last select account-query, haven't been able to find anything in the documentation on a limit of X levels of checks so far