- Community
- Open Source
- Introduction
- POSTWrite Authorization Data
- POSTRead Relationships
- POSTRead Attributes
- POSTRun Bundle
- POSTDelete Data
- POSTCheck Access Control
- POSTExpand API
- POSTSubject Filtering
- POSTLookup Entity (Data Filtering)
- POSTLookup Entity (Streaming)
- POSTSubject Permission List
- POSTWatch API
API Documentation
Data Service
Permission Service
Watch Service
Lookup Entity (Streaming)
Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.
PermissionLookupEntityRequest is the request message for the LookupEntity method in the Permission service.
PermissionLookupEntityRequestMetadata metadata for the PermissionLookupEntityRequest.
Version of the schema.
The snap token to avoid stale cache, see more details on Snap Tokens.
Query limit when if recursive database queries got in loop.
Type of the entity to lookup, required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.
Name of the permission to check, required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.
Subject represents an entity subject with a type, an identifier, and a relation.
Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.
A repeated field of tuples involved in the operation.
A repeated field of attributes associated with the operation.
Additional data associated with the context.
str, err: = client.Permission.LookupEntityStream(context.Background(), &v1.PermissionLookupEntityRequest {
Metadata: &v1.PermissionLookupEntityRequestMetadata {
SnapToken: "",
SchemaVersion: ""
Depth: 50,
},
EntityType: "document",
Permission: "view",
Subject: &v1.Subject {
Type: "user",
Id: "1",
},
})
// handle stream response
for {
res, err: = str.Recv()
if err == io.EOF {
break
}
// res.EntityId
}{
"result": {
"entity_id": "<string>"
},
"error": {
"code": 123,
"message": "<string>",
"details": [
{
"@type": "<string>"
}
]
}
}The difference between this endpoint from direct Lookup Entity is response of this entity gives the IDs’ as stream. This could be useful if you have large data set that getting all of the authorized data can take long with direct lookup entity endpoint.
Path Parameters
Identifier of the tenant, if you are not using multi-tenancy (have only one tenant) use pre-inserted tenant <code>t1</code> for this field. Required, and must match the pattern \“[a-zA-Z0-9-,]+\“, max 64 bytes.
Body
PermissionLookupEntityRequestMetadata metadata for the PermissionLookupEntityRequest.
Version of the schema.
The snap token to avoid stale cache, see more details on Snap Tokens.
Query limit when if recursive database queries got in loop.
Type of the entity to lookup, required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.
Name of the permission to check, required, must start with a letter and can include alphanumeric and underscore, max 64 bytes.
Subject represents an entity subject with a type, an identifier, and a relation.
Context encapsulates the information related to a single operation, including the tuples involved and the associated attributes.
A repeated field of tuples involved in the operation.
Entity represents an entity with a type and an identifier.
Subject represents an entity subject with a type, an identifier, and a relation.
A repeated field of attributes associated with the operation.
Entity represents an entity with a type and an identifier.
Any contains an arbitrary serialized protocol buffer message along with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
JSON
The JSON representation of an Any value uses the regular
representation of the deserialized, embedded message, with an
additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
value which holds the custom JSON in addition to the @type
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
A URL/resource name that uniquely identifies the type of the serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
path/google.protobuf.Duration). The name should be in a canonical form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they
expect it to use in the context of Any. However, for URLs which use the
scheme http, https, or no scheme, one can optionally set up a type
server that maps type URLs to message definitions as follows:
- If no scheme is provided,
httpsis assumed. - An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
- Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)
Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com.
Schemes other than http, https (or the empty scheme) might be
used with implementation specific semantics.
Additional data associated with the context.
Response
PermissionLookupEntityStreamResponse is the response message for the LookupEntityStream method in the Permission service.
Identifier for an entity that matches the lookup.
A URL/resource name that uniquely identifies the type of the serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
path/google.protobuf.Duration). The name should be in a canonical form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that they
expect it to use in the context of Any. However, for URLs which use the
scheme http, https, or no scheme, one can optionally set up a type
server that maps type URLs to message definitions as follows:
- If no scheme is provided,
httpsis assumed. - An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.
- Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)
Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com.
Schemes other than http, https (or the empty scheme) might be
used with implementation specific semantics.
str, err: = client.Permission.LookupEntityStream(context.Background(), &v1.PermissionLookupEntityRequest {
Metadata: &v1.PermissionLookupEntityRequestMetadata {
SnapToken: "",
SchemaVersion: ""
Depth: 50,
},
EntityType: "document",
Permission: "view",
Subject: &v1.Subject {
Type: "user",
Id: "1",
},
})
// handle stream response
for {
res, err: = str.Recv()
if err == io.EOF {
break
}
// res.EntityId
}{
"result": {
"entity_id": "<string>"
},
"error": {
"code": 123,
"message": "<string>",
"details": [
{
"@type": "<string>"
}
]
}
}