feat: replace in_namespace relation with ownership-based namespace membership
Remove the in_namespace edge relation. A node now belongs to a namespace if that namespace has has_ownership on it. This simplifies the model: namespace membership is determined by the ownership chain rather than a separate relation type. Changes: - Remove RelInNamespace constant - Add Namespace fields to AddInput, UpdateInput, and ListFilter - Update Add() to resolve namespace from input and assign it as owner - Update List() to filter by namespace ownership instead of in_namespace edges - Update() can now transfer nodes between namespaces via ownership transfer - Remove in_namespace self-references from ensureNamespace/ensureGlobalNamespace The ownership chain now fully describes both permissions and namespace membership, reducing redundancy. All tests pass with the new model. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -72,6 +72,9 @@ func (c *apiClient) GetByID(id string) (*models.Node, error) {
|
||||
|
||||
func (c *apiClient) List(filter ListFilter) ([]*models.Node, error) {
|
||||
q := url.Values{}
|
||||
if filter.Namespace != "" {
|
||||
q.Set("namespace", filter.Namespace)
|
||||
}
|
||||
for _, r := range filter.Rels {
|
||||
if r.Target == "" {
|
||||
q.Add("rel", string(r.Type))
|
||||
|
||||
@@ -34,20 +34,23 @@ type NodeService interface {
|
||||
// Type is "prefix::value"), and edge rels (Target is a node name or ID).
|
||||
// The service applies defaults (type=issue, status=open for issues) and validates.
|
||||
type AddInput struct {
|
||||
Title string
|
||||
Content string
|
||||
DueDate string
|
||||
Rels []RelInput
|
||||
Title string
|
||||
Content string
|
||||
DueDate string
|
||||
Namespace string // namespace name or ID; defaults to the user's personal namespace
|
||||
Rels []RelInput
|
||||
}
|
||||
|
||||
// UpdateInput describes changes to apply to an existing node.
|
||||
// AddRels and RemoveRels accept both tag rels (Target == "") and edge rels.
|
||||
// Setting _status::done in AddRels is rejected when the node has open blockers.
|
||||
// Adding assignee or in_namespace rels replaces the previous single target.
|
||||
// Adding an assignee rel replaces the previous single target.
|
||||
// Setting Namespace transfers ownership from the current namespace to the new one.
|
||||
type UpdateInput struct {
|
||||
Title *string
|
||||
Content *string
|
||||
DueDate *string // nil = no change; pointer to "" = clear due date
|
||||
Namespace *string // nil = no change; namespace name or ID to move node into
|
||||
AddRels []RelInput
|
||||
RemoveRels []RelInput
|
||||
}
|
||||
@@ -56,6 +59,7 @@ type UpdateInput struct {
|
||||
// Tag filters (Target == "") match by rel_name prefix.
|
||||
// Edge filters (Target != "") are resolved to node IDs.
|
||||
type ListFilter struct {
|
||||
Namespace string // when non-empty, only return nodes owned by this namespace
|
||||
Rels []RelInput
|
||||
HasDueDate bool // when true, only return nodes that have a due date set
|
||||
DueWithin *int // when non-nil, only return nodes due within this many days (includes overdue)
|
||||
|
||||
@@ -75,7 +75,7 @@ const (
|
||||
// namespaces are globally readable and any node can reference them.
|
||||
func isReferenceRel(t models.RelType) bool {
|
||||
switch t {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions, models.RelInNamespace:
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions:
|
||||
return true
|
||||
}
|
||||
return false
|
||||
@@ -208,6 +208,28 @@ func (s *nodeServiceImpl) GetByID(id string) (*models.Node, error) {
|
||||
}
|
||||
|
||||
func (s *nodeServiceImpl) List(filter ListFilter) ([]*models.Node, error) {
|
||||
// Resolve namespace filter to owned node IDs.
|
||||
var nsOwnedIDs map[string]bool
|
||||
if filter.Namespace != "" {
|
||||
nsID, _ := s.resolveIDByNameAndType(s.store, filter.Namespace, "namespace")
|
||||
if nsID == "" {
|
||||
if exists, _ := s.store.NodeExists(filter.Namespace); exists {
|
||||
nsID = filter.Namespace
|
||||
}
|
||||
}
|
||||
if nsID == "" {
|
||||
return nil, nil // namespace not found
|
||||
}
|
||||
nsNode, err := s.store.GetNode(nsID)
|
||||
if err != nil {
|
||||
return nil, nil
|
||||
}
|
||||
nsOwnedIDs = make(map[string]bool)
|
||||
for _, ownedID := range nsNode.Relations[string(models.RelHasOwnership)] {
|
||||
nsOwnedIDs[ownedID] = true
|
||||
}
|
||||
}
|
||||
|
||||
var storeFilters []*models.Rel
|
||||
for _, ri := range filter.Rels {
|
||||
if ri.Target == "" {
|
||||
@@ -230,9 +252,13 @@ func (s *nodeServiceImpl) List(filter ListFilter) ([]*models.Node, error) {
|
||||
}
|
||||
var result []*models.Node
|
||||
for _, n := range nodes {
|
||||
if pc.canRead(n.ID) {
|
||||
result = append(result, n)
|
||||
if !pc.canRead(n.ID) {
|
||||
continue
|
||||
}
|
||||
if nsOwnedIDs != nil && !nsOwnedIDs[n.ID] {
|
||||
continue
|
||||
}
|
||||
result = append(result, n)
|
||||
}
|
||||
|
||||
if filter.HasDueDate || filter.DueWithin != nil {
|
||||
@@ -323,13 +349,6 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
}
|
||||
}
|
||||
|
||||
hasNamespace := false
|
||||
for _, ri := range input.Rels {
|
||||
if ri.Type == models.RelInNamespace && ri.Target != "" {
|
||||
hasNamespace = true
|
||||
}
|
||||
}
|
||||
|
||||
dueDate, err := parseDueDate(input.DueDate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -364,9 +383,8 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// Edge rels. Track the namespace the node is placed in for ownership.
|
||||
// Edge rels.
|
||||
hasCreated := false
|
||||
var actualNsID string
|
||||
for _, ri := range input.Rels {
|
||||
if ri.Target == "" {
|
||||
continue // already stored as tag
|
||||
@@ -378,9 +396,6 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if ri.Type == models.RelInNamespace {
|
||||
actualNsID = resolved
|
||||
}
|
||||
if ri.Type == models.RelHasOwnership {
|
||||
// Ownership transfer: remove existing owner of the target.
|
||||
existingOwners, _ := st.FindNodes([]*models.Rel{{Type: models.RelHasOwnership, Target: resolved}})
|
||||
@@ -393,18 +408,6 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// Default namespace.
|
||||
if !hasNamespace {
|
||||
nsID, err := s.resolveNamespaceRef(st, s.userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := st.AddRel(id, string(models.RelInNamespace), nsID); err != nil {
|
||||
return err
|
||||
}
|
||||
actualNsID = nsID
|
||||
}
|
||||
|
||||
// Default created.
|
||||
if !hasCreated {
|
||||
userID, err := s.resolveUserRef(st, s.userID)
|
||||
@@ -417,39 +420,30 @@ func (s *nodeServiceImpl) Add(input AddInput) (*models.Node, error) {
|
||||
}
|
||||
|
||||
// Grant ownership of the new node.
|
||||
// Namespace nodes are owned by their creator. All other nodes are owned
|
||||
// by the namespace they belong to — the user retains transitive ownership
|
||||
// through the namespace's own ownership chain (e.g. user→owns→default-ns→owns→node).
|
||||
// Namespace nodes are owned by their creator (user node).
|
||||
// All other nodes are owned by the namespace they belong to — the user
|
||||
// retains transitive ownership through the namespace's own ownership chain
|
||||
// (e.g. user→has_ownership→default-ns→has_ownership→node).
|
||||
creatorID, err := s.resolveUserRef(st, s.userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ownerID := creatorID
|
||||
if tmp.GetProperty("type") != "namespace" && actualNsID != "" {
|
||||
ownerID = actualNsID
|
||||
if tmp.GetProperty("type") != "namespace" {
|
||||
nsRef := input.Namespace
|
||||
if nsRef == "" {
|
||||
nsRef = s.userID
|
||||
}
|
||||
nsID, err := s.resolveNamespaceRef(st, nsRef)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
ownerID = nsID
|
||||
}
|
||||
if err := st.AddRel(ownerID, string(models.RelHasOwnership), id); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Namespace bootstrap: when creating a namespace node directly, apply the
|
||||
// same setup as ensureNamespace — self in_namespace and creator ownership.
|
||||
if tmp.GetProperty("type") == "namespace" {
|
||||
if !hasNamespace {
|
||||
// Replace the default namespace rel (user's ns) with self-reference.
|
||||
userNsID, _ := s.resolveIDByNameAndType(st, s.userID, "namespace")
|
||||
if userNsID != "" {
|
||||
if err := st.RemoveRel(id, string(models.RelInNamespace), userNsID); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if err := st.AddRel(id, string(models.RelInNamespace), id); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
// Creator already gets ownership via the block above; nothing more to do.
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
@@ -470,8 +464,8 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Field/tag changes and rel removals require can_write on the node.
|
||||
needsWrite := input.Title != nil || input.Content != nil || input.DueDate != nil
|
||||
// Field/tag changes, rel removals, and namespace change require can_write on the node.
|
||||
needsWrite := input.Title != nil || input.Content != nil || input.DueDate != nil || input.Namespace != nil
|
||||
for _, ri := range input.AddRels {
|
||||
if ri.Target == "" {
|
||||
needsWrite = true
|
||||
@@ -619,7 +613,7 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
return err
|
||||
}
|
||||
// Single-value relations replace the previous target.
|
||||
if ri.Type == models.RelAssignee || ri.Type == models.RelInNamespace {
|
||||
if ri.Type == models.RelAssignee {
|
||||
for _, oldTgt := range currentRels[string(ri.Type)] {
|
||||
if err := st.RemoveRel(id, string(ri.Type), oldTgt); err != nil {
|
||||
return err
|
||||
@@ -651,6 +645,24 @@ func (s *nodeServiceImpl) Update(id string, input UpdateInput) (*models.Node, er
|
||||
}
|
||||
}
|
||||
|
||||
// Namespace change: transfer ownership from the current namespace to the new one.
|
||||
if input.Namespace != nil {
|
||||
newNsID, err := s.resolveNamespaceRef(st, *input.Namespace)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Remove ownership from any current namespace owner.
|
||||
currentOwners, _ := st.FindNodes([]*models.Rel{{Type: models.RelHasOwnership, Target: id}})
|
||||
for _, owner := range currentOwners {
|
||||
if owner.GetProperty("type") == "namespace" {
|
||||
st.RemoveRel(owner.ID, string(models.RelHasOwnership), id) //nolint:errcheck
|
||||
}
|
||||
}
|
||||
if err := st.AddRel(newNsID, string(models.RelHasOwnership), id); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
@@ -770,8 +782,6 @@ func (s *nodeServiceImpl) resolveRelTarget(st store.GraphStore, ri RelInput) (st
|
||||
switch ri.Type {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions:
|
||||
return s.resolveUserRef(st, ri.Target)
|
||||
case models.RelInNamespace:
|
||||
return s.resolveNamespaceRef(st, ri.Target)
|
||||
default:
|
||||
// Permission rels and all other edge rels expect raw node IDs.
|
||||
return ri.Target, nil
|
||||
@@ -788,8 +798,6 @@ func (s *nodeServiceImpl) lookupRelTarget(relType models.RelType, target string)
|
||||
switch relType {
|
||||
case models.RelAssignee, models.RelCreated, models.RelMentions:
|
||||
nodeType = "user"
|
||||
case models.RelInNamespace:
|
||||
nodeType = "namespace"
|
||||
default:
|
||||
// Permission rels and other edge rels use raw node IDs.
|
||||
return "", false
|
||||
@@ -843,9 +851,6 @@ func (s *nodeServiceImpl) ensureGlobalNamespace(st store.GraphStore) (string, er
|
||||
if err := st.AddRel(id, "_type::namespace", ""); err != nil {
|
||||
return "", err
|
||||
}
|
||||
if err := st.AddRel(id, string(models.RelInNamespace), id); err != nil {
|
||||
return "", err
|
||||
}
|
||||
// Self-owned so no single user controls it.
|
||||
if err := st.AddRel(id, string(models.RelHasOwnership), id); err != nil {
|
||||
return "", err
|
||||
@@ -916,9 +921,6 @@ func (s *nodeServiceImpl) ensureNamespace(st store.GraphStore, name string) (str
|
||||
if err := st.AddRel(id, "_type::namespace", ""); err != nil {
|
||||
return "", err
|
||||
}
|
||||
if err := st.AddRel(id, string(models.RelInNamespace), id); err != nil {
|
||||
return "", err
|
||||
}
|
||||
userID, err := s.resolveUserRef(st, s.userID)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
||||
Reference in New Issue
Block a user