biscuit-rust
Merging block builders with scope annotations
Blocks can start with a trusting annotation that will apply to all the rule bodies with no trusting annotation.
```
trusting authority, <public_key>;
check if fact(true); // equivalent to `check if fact(true) trusting authority, <public key>;`
```
What should happen when merging `trusting authority; check if fact(true);` into `trusting <public key>; check if fact(false);`
or `check if fact(true);` into `trusting <public key>; check if fact(false);`?
I see several possibilities:
- ignore the `trusting` annotation of the second block (current behaviour)
- modify the rules with no scope annotations of the second block to inject the scope annotations before adding them to the first block
- if the second block does not have a scope annotation, then don't do anything (rules will then default to the scope annotation of the first block)
- if the second block does not have a scope annotation, then inject the default trusted scopes in rules (rules will then not default to the scope annotation of the first block)
- if the second block has a scope annotation, raise an error (this would require modifying the signature of `BlockBuilder.merge()`)
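
The scope drift behind the first two possibilities, as an added toy model that is not biscuit-rust code and does not use its API: `Scope`, `Rule`, `Block`, `merge_ignore` and `merge_inject` are hypothetical names, and the default trusted scope is simplified to authority only.

```rust
// Toy model (hypothetical types, not the biscuit-rust API).
#[derive(Clone, Debug, PartialEq)]
enum Scope { Authority, PublicKey(String) }

#[derive(Clone, Debug, PartialEq)]
struct Rule { body: String, scopes: Option<Vec<Scope>> }

#[derive(Clone, Debug)]
struct Block { scopes: Option<Vec<Scope>>, rules: Vec<Rule> }

impl Block {
    // Scopes a rule is evaluated with: its own annotation, else the block's,
    // else the default (assumed here to be authority only).
    fn effective(&self, i: usize) -> Vec<Scope> {
        self.rules[i].scopes.clone()
            .or_else(|| self.scopes.clone())
            .unwrap_or_else(|| vec![Scope::Authority])
    }
    // First possibility (described as current behaviour): the second
    // block's annotation is dropped, so its rules inherit the first block's.
    fn merge_ignore(&mut self, other: Block) {
        self.rules.extend(other.rules);
    }
    // Second possibility: pin each rule of `other` to the scopes it had in
    // its own block (or the default) before moving it.
    fn merge_inject(&mut self, other: Block) {
        for i in 0..other.rules.len() {
            let scopes = Some(other.effective(i));
            self.rules.push(Rule { scopes, ..other.rules[i].clone() });
        }
    }
}

// Merges `trusting authority; check if fact(true);` into
// `trusting <public key>; check if fact(false);` both ways and returns the
// effective scopes of the moved check under each strategy.
fn demo() -> (Vec<Scope>, Vec<Scope>) {
    let key = Scope::PublicKey("<public key>".into());
    let rule = |b: &str| Rule { body: b.into(), scopes: None };
    let first = Block { scopes: Some(vec![key]), rules: vec![rule("check if fact(false)")] };
    let second = Block { scopes: Some(vec![Scope::Authority]), rules: vec![rule("check if fact(true)")] };
    let (mut a, mut b) = (first.clone(), first);
    a.merge_ignore(second.clone());
    b.merge_inject(second);
    (a.effective(1), b.effective(1))
}

fn main() { println!("{:?}", demo()); }
```

With the annotation ignored, the moved check is evaluated against the third-party key's facts instead of the authority's, which is the silent change in trust that the injection and error options avoid.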