Open
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
For the following tuples:
groups:readers#owner@user1
groups:readers#member@user2
files:foo.txt#access@groups:readers# (subset with empty relation, regardless of relation all should have access)
On version v0.8.0, the following check returns {allowed:true}
curl -X GET "http://127.0.0.1:4466/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
However, the same check on v0.11.1-alpha.0 returns {allowed:false}
curl -X GET "http://127.0.0.1:4466/relation-tuples/check?namespace=files&object=foo.txt&relation=access&subject_id=user1"
Reproducing the bug
- Spin a keto container version v0.8.0 connected to another container running mysql db
- Run the curl command to create the two tuples mentioned above
- Run the v0.8.0 respective check curl, it should return {allowed:true}
- Redeploy the keto container with v0.11.1-alpha.0
- Run the migrations
- Run the v0.11.1-alpha.0 respective check curl, it will return {allowed:false}, expected to be {allowed:true} as in the v0.8.0
Relevant log output
No response
Relevant configuration
No response
Version
v0.11.1-alpha.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker Compose
Additional Context
No response