From 9bfd73597cd495f0ad2e30003ab506a217740755 Mon Sep 17 00:00:00 2001
From: mpw
Date: Tue, 25 Jul 2023 10:45:19 -0300
Subject: [PATCH] add -collection- to keto namespace

---
 charts/hub-permissions/Chart.yaml | 2 +-
 .../policies/namespaces.keto.ts | 25 ++++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/charts/hub-permissions/Chart.yaml b/charts/hub-permissions/Chart.yaml
index 35a5455..09bec7a 100644
--- a/charts/hub-permissions/Chart.yaml
+++ b/charts/hub-permissions/Chart.yaml
@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.1
+version: 0.4.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/hub-permissions/policies/namespaces.keto.ts b/charts/hub-permissions/policies/namespaces.keto.ts
index 7f188ed..7631afa 100644
--- a/charts/hub-permissions/policies/namespaces.keto.ts
+++ b/charts/hub-permissions/policies/namespaces.keto.ts
@@ -131,6 +131,29 @@ class Drop implements Namespace {
 }
 }
 
+class Collection implements Namespace {
+ related: {
+ owners: User[]
+ editors: User[]
+ viewers: User[]
+ parents: Project[]
+ }
+
+ permits = {
+ view: (ctx: Context): boolean =>
+ this.related.viewers.includes(ctx.subject) ||
+ this.related.parents.traverse((parent) => parent.permits.view(ctx)) ||
+ this.permits.edit(ctx),
+ edit: (ctx: Context): boolean =>
+ this.related.editors.includes(ctx.subject) ||
+ this.related.parents.traverse((parent) => parent.permits.edit(ctx)) ||
+ this.permits.delete(ctx),
+ delete: (ctx: Context): boolean =>
+ this.related.owners.includes(ctx.subject) ||
+ this.related.parents.traverse((parent) => parent.permits.delete(ctx)),
+ }
+}
+
 class Project implements Namespace {
 related: {
 owners: User[]
@@ -175,4 +198,4 @@ class Organization implements Namespace {
 this.related.owners.includes(ctx.subject) ||
 this.related.parents.traverse((parent) => parent.permits.delete(ctx)),
 }
-}
\ No newline at end of file
+}
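Review bot: The new `Collection` namespace carries no comment on its inheritance rule, although each of `view`, `edit` and `delete` also grants through `this.related.parents.traverse(...)`, so a subject holding `delete` on a parent `Project` can delete the collection without appearing in `owners`. That makes the `parents` relation the trust anchor of this namespace: whoever can write a `parents` tuple on a `Collection` effectively decides who owns it, so writes to that relation should be limited to the backend service and not derived from client-supplied project ids. I would add above the class `// Permissions cascade from the parent Project: a parents tuple gives the project's viewers, editors and owners the same level on this collection.` `Project`'s own `permits` lie outside this hunk, so whether `view` there already includes `edit` and `delete` (which would make the three parent traversals overlap) cannot be confirmed from here.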