Giters

ory / keto

The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.

Home Page:https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=keto

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

LIMIT argument is incorrectly set to 2 instead of 1

aeneasr opened this issue · comments

commented

Preflight checklist

Describe the bug

Calls to checkDirect perform a GetRelationTuples query with x.WithSize(1) to check whether a tuple was found or not.

keto/internal/check/engine.go

Lines 162 to 179 in a39325c

if rels, _, err := e.d.RelationTupleManager().GetRelationTuples(
ctx,
r.ToQuery(),
x.WithSize(1),
); err == nil && len(rels) > 0 {
resultCh <- checkgroup.Result{
Membership: checkgroup.IsMember,
Tree: &ketoapi.Tree[*relationtuple.RelationTuple]{
Type: ketoapi.TreeNodeLeaf,
Tuple: r,
},
}
} else {
resultCh <- checkgroup.Result{
Membership: checkgroup.NotMember,
}
}
}

For some reason though, we use the limit + 1 in the query:

keto/internal/persistence/sql/relationtuples.go

Lines 215 to 218 in a39325c

sqlQuery := p.QueryWithNetwork(ctx).
Order("shard_id, nid").
Where("shard_id > ?", pagination.LastID).
Limit(pagination.PerPage + 1)

So what should be LIMIT 1 (we have a binary question - does it exist or not?) we end up with LIMIT 2

Reproducing the bug

Look at a GetActiveProject trace in Grafana.

Relevant log output

No response

Relevant configuration

No response

Version

master

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

commented

I understand why this is done like this - we use the +1 offset to check if there is another item we need to return pagination for. However, when we use a limit of 1 we don't want to see the next page anyways, I would say.