feat: replace namespace permissions with per-node graph permission model (can_read/can_create_rel/can_write/has_ownership)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -28,89 +28,119 @@ func mentions(t string) []string {
|
||||
|
||||
func (s *nodeServiceImpl) User() string { return s.userID }
|
||||
|
||||
// --- Access control ---
|
||||
// --- Permission model ---
|
||||
//
|
||||
// Four levels (inclusive: higher includes lower):
|
||||
// 1 can_read – visible in list/show
|
||||
// 2 can_create_rel – can create non-permission relations between nodes
|
||||
// 3 can_write – can update/delete a node
|
||||
// 4 has_ownership – sole owner; deletion cascades to owned nodes
|
||||
//
|
||||
// Permissions are transitive: if A has level L on B, and B has level M on C,
|
||||
// then A has level min(L, M) on C. Computed by BFS from the user's own node.
|
||||
// Users have self-ownership (has_ownership → self), so BFS starts at level 4.
|
||||
//
|
||||
// Rules for adding edge rels in Add/Update:
|
||||
// Non-perm rel A → B : need can_create_rel on A, can_read on B
|
||||
// Perm rel A --perm_P→ B : need perm_P on B (resource owner grants to any subject)
|
||||
// Ownership A --has_ownership→ B : need has_ownership on B + can_create_rel on A
|
||||
// → also removes existing ownership rels pointing to B
|
||||
//
|
||||
// Field/tag changes and rel removals require can_write on the node.
|
||||
|
||||
// accessContext holds namespace IDs readable/writable by the current user.
|
||||
// Nodes with no in_namespace are globally accessible (empty namespaceID always passes).
|
||||
type accessContext struct {
|
||||
readable map[string]bool
|
||||
writable map[string]bool
|
||||
}
|
||||
const (
|
||||
permRead = 1
|
||||
permCreateRel = 2
|
||||
permWrite = 3
|
||||
permOwnership = 4
|
||||
)
|
||||
|
||||
func (ac *accessContext) canRead(namespaceID string) bool {
|
||||
if namespaceID == "" {
|
||||
// isReferenceRel returns true for rels that point to "identity" nodes (users, namespaces).
|
||||
// For these rels, the target only needs can_read (not can_create_rel), because users and
|
||||
// namespaces are globally readable and any node can reference them.
|
||||
func isReferenceRel(t models.RelType) bool {
|
||||
switch t {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions, models.RelInNamespace:
|
||||
return true
|
||||
}
|
||||
return ac.readable[namespaceID]
|
||||
return false
|
||||
}
|
||||
|
||||
func (ac *accessContext) canWrite(namespaceID string) bool {
|
||||
if namespaceID == "" {
|
||||
return true
|
||||
}
|
||||
return ac.writable[namespaceID]
|
||||
// permRelLevels maps permission rel types to their numeric level.
|
||||
var permRelLevels = map[models.RelType]int{
|
||||
models.RelCanRead: permRead,
|
||||
models.RelCanCreateRel: permCreateRel,
|
||||
models.RelCanWrite: permWrite,
|
||||
models.RelHasOwnership: permOwnership,
|
||||
}
|
||||
|
||||
// getAccessContext builds an accessContext by reading the current user's outgoing
|
||||
// has_write_access and has_read_access rels. If the user node does not yet exist
|
||||
// (first-time bootstrap) both maps are empty.
|
||||
func (s *nodeServiceImpl) getAccessContext() (*accessContext, error) {
|
||||
ctx := &accessContext{
|
||||
readable: make(map[string]bool),
|
||||
writable: make(map[string]bool),
|
||||
}
|
||||
type permContext struct {
|
||||
levels map[string]int
|
||||
}
|
||||
|
||||
func (pc *permContext) level(nodeID string) int { return pc.levels[nodeID] }
|
||||
func (pc *permContext) canRead(nodeID string) bool { return pc.levels[nodeID] >= permRead }
|
||||
func (pc *permContext) canCreateRel(nodeID string) bool { return pc.levels[nodeID] >= permCreateRel }
|
||||
func (pc *permContext) canWrite(nodeID string) bool { return pc.levels[nodeID] >= permWrite }
|
||||
func (pc *permContext) hasOwnership(nodeID string) bool { return pc.levels[nodeID] >= permOwnership }
|
||||
|
||||
// getPermContext builds a permContext by BFS from the current user's node,
|
||||
// following permission rels and taking the minimum level along each path.
|
||||
// User and namespace nodes are made globally readable after the BFS.
|
||||
// If the user node doesn't exist yet, returns an empty permContext (no access);
|
||||
// Add operations still work because unresolved targets skip the permission check.
|
||||
func (s *nodeServiceImpl) getPermContext() (*permContext, error) {
|
||||
userNodeID, err := s.resolveIDByNameAndType(s.store, s.userID, "user")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
pc := &permContext{levels: make(map[string]int)}
|
||||
if userNodeID == "" {
|
||||
return ctx, nil // not yet bootstrapped; no namespace permissions
|
||||
return pc, nil // user not bootstrapped yet; Add will auto-create user node
|
||||
}
|
||||
userNode, err := s.store.GetNode(userNodeID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rels := userNode.Relations
|
||||
for _, nsID := range rels[string(models.RelHasWriteAccess)] {
|
||||
ctx.writable[nsID] = true
|
||||
ctx.readable[nsID] = true
|
||||
}
|
||||
for _, nsID := range rels[string(models.RelHasReadAccess)] {
|
||||
ctx.readable[nsID] = true
|
||||
}
|
||||
return ctx, nil
|
||||
}
|
||||
|
||||
// nodeNamespaceID returns the first in_namespace target of n, or "" if none.
|
||||
func (s *nodeServiceImpl) nodeNamespaceID(n *models.Node) string {
|
||||
ids := n.Relations[string(models.RelInNamespace)]
|
||||
if len(ids) == 0 {
|
||||
return ""
|
||||
type entry struct {
|
||||
nodeID string
|
||||
level int
|
||||
}
|
||||
return ids[0]
|
||||
}
|
||||
|
||||
// checkRelTargetWrite verifies the current user has write access to the namespace
|
||||
// of each edge rel target. Tag rels (empty Target) and targets that do not yet
|
||||
// exist are skipped.
|
||||
func (s *nodeServiceImpl) checkRelTargetWrite(ac *accessContext, addRels []RelInput) error {
|
||||
for _, ri := range addRels {
|
||||
if ri.Target == "" {
|
||||
continue // tag rel — no target node to check
|
||||
// Start at the user's own node at ownership level (users have self-ownership).
|
||||
queue := []entry{{userNodeID, permOwnership}}
|
||||
for len(queue) > 0 {
|
||||
curr := queue[0]
|
||||
queue = queue[1:]
|
||||
if pc.levels[curr.nodeID] >= curr.level {
|
||||
continue // already reached at a higher or equal level
|
||||
}
|
||||
targetID, found := s.lookupRelTarget(ri.Type, ri.Target)
|
||||
if !found || targetID == "" {
|
||||
continue
|
||||
}
|
||||
targetNode, err := s.store.GetNode(targetID)
|
||||
pc.levels[curr.nodeID] = curr.level
|
||||
node, err := s.store.GetNode(curr.nodeID)
|
||||
if err != nil {
|
||||
continue // let the transaction surface missing-node errors
|
||||
continue // node may have been deleted; skip
|
||||
}
|
||||
if !ac.canWrite(s.nodeNamespaceID(targetNode)) {
|
||||
return fmt.Errorf("permission denied: no write access to namespace of %s target %q", ri.Type, ri.Target)
|
||||
for relType, pLevel := range permRelLevels {
|
||||
for _, tgt := range node.Relations[string(relType)] {
|
||||
eff := curr.level
|
||||
if pLevel < eff {
|
||||
eff = pLevel
|
||||
}
|
||||
if eff > pc.levels[tgt] {
|
||||
queue = append(queue, entry{tgt, eff})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
||||
// User and namespace nodes are globally readable (they represent identities,
|
||||
// and anyone can reference or assign to them).
|
||||
for _, nodeType := range []string{"user", "namespace"} {
|
||||
nodes, _ := s.store.FindNodes([]*models.Rel{{Type: models.RelType("_type::" + nodeType), Target: ""}})
|
||||
for _, n := range nodes {
|
||||
if pc.levels[n.ID] < permRead {
|
||||
pc.levels[n.ID] = permRead
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return pc, nil
|
||||
}
|
||||
|
||||
// --- Validation ---
|
||||
@@ -155,11 +185,11 @@ func (s *nodeServiceImpl) GetByID(id string) (*models.Node, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ac, err := s.getAccessContext()
|
||||
pc, err := s.getPermContext()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if !ac.canRead(s.nodeNamespaceID(n)) {
|
||||
if !pc.canRead(id) {
|
||||
return nil, fmt.Errorf("permission denied: no read access to node %s", id)
|
||||
}
|
||||
return n, nil
|
||||
@@ -169,13 +199,11 @@ func (s *nodeServiceImpl) List(filter ListFilter) ([]*models.Node, error) {
|
||||
var storeFilters []*models.Rel
|
||||
for _, ri := range filter.Rels {
|
||||
if ri.Target == "" {
|
||||
// Tag filter: pass through with empty target.
|
||||
storeFilters = append(storeFilters, &models.Rel{Type: ri.Type, Target: ""})
|
||||
} else {
|
||||
// Edge filter: resolve target name to node ID.
|
||||
id, ok := s.lookupRelTarget(ri.Type, ri.Target)
|
||||
if !ok {
|
||||
return nil, nil // named target doesn't exist; no nodes can match
|
||||
return nil, nil
|
||||
}
|
||||
storeFilters = append(storeFilters, &models.Rel{Type: ri.Type, Target: id})
|
||||
}
|
||||
@@ -184,13 +212,13 @@ func (s *nodeServiceImpl) List(filter ListFilter) ([]*models.Node, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ac, err := s.getAccessContext()
|
||||
pc, err := s.getPermContext()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var result []*models.Node
|
||||
for _, n := range nodes {
|
||||
if ac.canRead(s.nodeNamespaceID(n)) {
|
||||
if pc.canRead(n.ID) {
|
||||
result = append(result, n)
|
||||
}
|
||||
}
|
||||
@@ -225,32 +253,43 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// --- Permission check ---
|
||||
ac, err := s.getAccessContext()
|
||||
// Permission checks for edge rels.
|
||||
pc, err := s.getPermContext()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
targetNSName := s.userID
|
||||
for _, ri := range input.Rels {
|
||||
if ri.Type == models.RelInNamespace && ri.Target != "" {
|
||||
targetNSName = ri.Target
|
||||
break
|
||||
if ri.Target == "" {
|
||||
continue // tag rel, no target to check
|
||||
}
|
||||
}
|
||||
if nsID, found := s.lookupRelTarget(models.RelInNamespace, targetNSName); found {
|
||||
if !ac.canWrite(nsID) {
|
||||
return nil, fmt.Errorf("permission denied: no write access to namespace %q", targetNSName)
|
||||
targetID, found := s.lookupRelTarget(ri.Type, ri.Target)
|
||||
if !found {
|
||||
continue // will be auto-created; skip check
|
||||
}
|
||||
}
|
||||
var nonNSEdgeRels []RelInput
|
||||
for _, ri := range input.Rels {
|
||||
if ri.Target != "" && ri.Type != models.RelInNamespace {
|
||||
nonNSEdgeRels = append(nonNSEdgeRels, ri)
|
||||
permLevel, isPerm := permRelLevels[ri.Type]
|
||||
switch {
|
||||
case ri.Type == models.RelHasOwnership:
|
||||
if !pc.hasOwnership(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no ownership of %q to transfer", ri.Target)
|
||||
}
|
||||
case isPerm:
|
||||
if pc.level(targetID) < permLevel {
|
||||
return nil, fmt.Errorf("permission denied: cannot grant %s on %q", ri.Type, ri.Target)
|
||||
}
|
||||
default:
|
||||
// Non-perm rel: source is the new node (creator gets ownership = can_create_rel).
|
||||
// Target: reference rels (assignee/mentions/in_namespace) need can_read; others need can_create_rel.
|
||||
if isReferenceRel(ri.Type) {
|
||||
if !pc.canRead(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no read access to %q", ri.Target)
|
||||
}
|
||||
} else {
|
||||
if !pc.canCreateRel(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no create_rel access to %q", ri.Target)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if err := s.checkRelTargetWrite(ac, nonNSEdgeRels); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
hasNamespace := false
|
||||
for _, ri := range input.Rels {
|
||||
@@ -301,6 +340,13 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if ri.Type == models.RelHasOwnership {
|
||||
// Ownership transfer: remove existing owner of the target.
|
||||
existingOwners, _ := st.FindNodes([]*models.Rel{{Type: models.RelHasOwnership, Target: resolved}})
|
||||
for _, owner := range existingOwners {
|
||||
st.RemoveRel(owner.ID, string(models.RelHasOwnership), resolved) //nolint:errcheck
|
||||
}
|
||||
}
|
||||
if err := st.AddRel(id, string(ri.Type), resolved); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -328,8 +374,17 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// Grant creator ownership of the new node.
|
||||
creatorID, err := s.resolveUserRef(st, s.userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := st.AddRel(creatorID, string(models.RelHasOwnership), id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Namespace bootstrap: when creating a namespace node directly, apply the
|
||||
// same setup as ensureNamespace — self in_namespace and creator write access.
|
||||
// same setup as ensureNamespace — self in_namespace and creator ownership.
|
||||
if tmp.GetProperty("type") == "namespace" {
|
||||
if !hasNamespace {
|
||||
// Replace the default namespace rel (user's ns) with self-reference.
|
||||
@@ -343,13 +398,7 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
return err
|
||||
}
|
||||
}
|
||||
creatorID, err := s.resolveUserRef(st, s.userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := st.AddRel(creatorID, string(models.RelHasWriteAccess), id); err != nil {
|
||||
return err
|
||||
}
|
||||
// Creator already gets ownership via the block above; nothing more to do.
|
||||
}
|
||||
|
||||
return nil
|
||||
@@ -366,20 +415,68 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// --- Permission check ---
|
||||
current, err := s.store.GetNode(id)
|
||||
// --- Permission checks ---
|
||||
pc, err := s.getPermContext()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ac, err := s.getAccessContext()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
// Field/tag changes and rel removals require can_write on the node.
|
||||
needsWrite := input.Title != nil || input.Content != nil || input.DueDate != nil
|
||||
for _, ri := range input.AddRels {
|
||||
if ri.Target == "" {
|
||||
needsWrite = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !ac.canWrite(s.nodeNamespaceID(current)) {
|
||||
if len(input.RemoveRels) > 0 {
|
||||
needsWrite = true
|
||||
}
|
||||
if needsWrite && !pc.canWrite(id) {
|
||||
return nil, fmt.Errorf("permission denied: no write access to node %s", id)
|
||||
}
|
||||
if err := s.checkRelTargetWrite(ac, input.AddRels); err != nil {
|
||||
return nil, err
|
||||
|
||||
// Check each edge rel being added.
|
||||
for _, ri := range input.AddRels {
|
||||
if ri.Target == "" {
|
||||
continue // tag — handled above
|
||||
}
|
||||
permLevel, isPerm := permRelLevels[ri.Type]
|
||||
targetID, found := s.lookupRelTarget(ri.Type, ri.Target)
|
||||
switch {
|
||||
case ri.Type == models.RelHasOwnership:
|
||||
if !found {
|
||||
return nil, fmt.Errorf("ownership target %q not found", ri.Target)
|
||||
}
|
||||
if !pc.hasOwnership(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no ownership of %q to transfer", ri.Target)
|
||||
}
|
||||
if !pc.canCreateRel(id) {
|
||||
return nil, fmt.Errorf("permission denied: no create_rel access to node %s", id)
|
||||
}
|
||||
case isPerm:
|
||||
// Perm rel: need perm_P on target; no check on source.
|
||||
if found && pc.level(targetID) < permLevel {
|
||||
return nil, fmt.Errorf("permission denied: insufficient permission on %q to grant %s", ri.Target, ri.Type)
|
||||
}
|
||||
default:
|
||||
// Non-perm rel: need can_create_rel on source.
|
||||
// Target: reference rels (assignee/mentions/in_namespace) need can_read; others need can_create_rel.
|
||||
if !pc.canCreateRel(id) {
|
||||
return nil, fmt.Errorf("permission denied: no create_rel access to node %s", id)
|
||||
}
|
||||
if found {
|
||||
if isReferenceRel(ri.Type) {
|
||||
if !pc.canRead(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no read access to %s target %q", ri.Type, ri.Target)
|
||||
}
|
||||
} else {
|
||||
if !pc.canCreateRel(targetID) {
|
||||
return nil, fmt.Errorf("permission denied: no create_rel access to %s target %q", ri.Type, ri.Target)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Enforce blocking constraint before allowing status=done.
|
||||
@@ -471,6 +568,13 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
}
|
||||
}
|
||||
}
|
||||
// Ownership transfer: enforce single-owner constraint.
|
||||
if ri.Type == models.RelHasOwnership {
|
||||
existingOwners, _ := st.FindNodes([]*models.Rel{{Type: models.RelHasOwnership, Target: resolved}})
|
||||
for _, owner := range existingOwners {
|
||||
st.RemoveRel(owner.ID, string(models.RelHasOwnership), resolved) //nolint:errcheck
|
||||
}
|
||||
}
|
||||
if err := st.AddRel(id, string(ri.Type), resolved); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -498,18 +602,42 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
}
|
||||
|
||||
func (s *nodeServiceImpl) Delete(id string) error {
|
||||
n, err := s.store.GetNode(id)
|
||||
pc, err := s.getPermContext()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ac, err := s.getAccessContext()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !ac.canWrite(s.nodeNamespaceID(n)) {
|
||||
if !pc.canWrite(id) {
|
||||
return fmt.Errorf("permission denied: no write access to node %s", id)
|
||||
}
|
||||
return s.store.DeleteNode(id)
|
||||
return s.store.Transaction(func(st store.Store) error {
|
||||
return s.cascadeDelete(st, id, make(map[string]bool))
|
||||
})
|
||||
}
|
||||
|
||||
// cascadeDelete deletes id and all nodes it owns (recursively).
|
||||
// visited prevents infinite loops from ownership cycles.
|
||||
func (s *nodeServiceImpl) cascadeDelete(st store.Store, id string, visited map[string]bool) error {
|
||||
if visited[id] {
|
||||
return nil
|
||||
}
|
||||
visited[id] = true
|
||||
node, err := st.GetNode(id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Capture owned node IDs before deleting (DeleteNode cascades the rels).
|
||||
ownedIDs := make([]string, len(node.Relations[string(models.RelHasOwnership)]))
|
||||
copy(ownedIDs, node.Relations[string(models.RelHasOwnership)])
|
||||
if err := st.DeleteNode(id); err != nil {
|
||||
return err
|
||||
}
|
||||
for _, ownedID := range ownedIDs {
|
||||
if ownedID == id {
|
||||
continue // skip self-ownership
|
||||
}
|
||||
s.cascadeDelete(st, ownedID, visited) //nolint:errcheck — node may already be gone
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// --- User management ---
|
||||
@@ -584,10 +712,11 @@ func (s *nodeServiceImpl) resolveRelTarget(st store.Store, ri RelInput) (string,
|
||||
switch ri.Type {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions:
|
||||
return s.resolveUserRef(st, ri.Target)
|
||||
case models.RelInNamespace, models.RelHasReadAccess, models.RelHasWriteAccess:
|
||||
case models.RelInNamespace:
|
||||
return s.resolveNamespaceRef(st, ri.Target)
|
||||
default:
|
||||
return ri.Target, nil // blocks/subtask/related/custom expect raw node IDs
|
||||
// Permission rels and all other edge rels expect raw node IDs.
|
||||
return ri.Target, nil
|
||||
}
|
||||
}
|
||||
|
||||
@@ -601,10 +730,11 @@ func (s *nodeServiceImpl) lookupRelTarget(relType models.RelType, target string)
|
||||
switch relType {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions:
|
||||
nodeType = "user"
|
||||
case models.RelInNamespace, models.RelHasReadAccess, models.RelHasWriteAccess:
|
||||
case models.RelInNamespace:
|
||||
nodeType = "namespace"
|
||||
default:
|
||||
return target, true
|
||||
// Permission rels and other edge rels use raw node IDs.
|
||||
return "", false
|
||||
}
|
||||
id, err := s.resolveIDByNameAndType(s.store, target, nodeType)
|
||||
if err != nil || id == "" {
|
||||
@@ -653,6 +783,10 @@ func (s *nodeServiceImpl) ensureUser(st store.Store, username string) (string, e
|
||||
if err := st.AddRel(id, "_type::user", ""); err != nil {
|
||||
return "", err
|
||||
}
|
||||
// Users have self-ownership by default.
|
||||
if err := st.AddRel(id, string(models.RelHasOwnership), id); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return id, nil
|
||||
}
|
||||
|
||||
@@ -692,8 +826,8 @@ func (s *nodeServiceImpl) ensureNamespace(st store.Store, name string) (string,
|
||||
if err := st.AddRel(id, string(models.RelCreated), userID); err != nil {
|
||||
return "", err
|
||||
}
|
||||
// Grant the creator write access to the new namespace.
|
||||
if err := st.AddRel(userID, string(models.RelHasWriteAccess), id); err != nil {
|
||||
// Creator owns the namespace.
|
||||
if err := st.AddRel(userID, string(models.RelHasOwnership), id); err != nil {
|
||||
return "", err
|
||||
}
|
||||
return id, nil
|
||||
|
||||
Reference in New Issue
Block a user