Enhancing the 'Coverage' Command for Detailed Action/Permission Conditions

[tolgaOzen]

Description

We need to improve the accuracy and detail of the 'Coverage' command used in evaluating action/permission conditions within our system. A key concern is ensuring that every aspect of a permission condition is thoroughly covered and assessed for accuracy. The current implementation may lead to incomplete assessments, as exemplified by the sample condition provided.

Sample Condition for Reference

permission view = system.view or ((is_public or (is_partner and partner) or (viewer or company.maintain or organization.maintain or team.view)) not denied)

In this example, asserting only a part of the condition (like system.view) is considered sufficient for coverage, even if other parts are not asserted. This approach can lead to suboptimal results and inaccuracies in coverage evaluation.

Suggested Improvements

• Detail Each Component: Ensure that each component of a permission condition (e.g., is_public, is_partner) is individually evaluated and asserted in the 'Coverage' command.
• Comprehensive Coverage Analysis: Modify the 'Coverage' command to analyze all aspects of a condition, preventing partial or incomplete evaluations.
• Quality Checks: Introduce quality checks to validate the comprehensiveness and accuracy of the coverage.

Goals

• Accurate Coverage Assessment: Achieve a more accurate and thorough evaluation of permission conditions.

Action Items

• Review the current implementation of the 'Coverage' command.
• Redesign the command to incorporate detailed assessments of each condition part.
• Implement tests and quality checks for the revised 'Coverage' command.
• Update documentation to reflect the new standards and procedures.

Request for Comments

We seek feedback and suggestions, particularly regarding:

• Approaches for enhancing detail and accuracy in the 'Coverage' command.
• Potential challenges and solutions in the redesign process.
• Ideas to ensure the effectiveness of the new implementation.

[tolgaOzen]

/bounty $250

[algora-pbc]

💎 $250 bounty • Permify.co

Steps to solve:

1. Start working: Comment /attempt #837 with your implementation plan
2. Submit work: Create a pull request including /claim #837 in the PR body to claim the bounty
3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Don't wait to be assigned. A reward will be given for the best PR.

Thank you for contributing to Permify/permify!

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🟢 @vijayraghav-io	Nov 15, 2023, 3:06:31 PM	#844

[ayewo]

@tolgaOzen

1. Can you point me to the “Coverage” command in the codebase?
2. In your example, I imagine that short-circuiting is happening because system.view is the highest access available but then you go on to say:

This approach can lead to suboptimal results and inaccuracies in permission evaluation.

Can you please clarify the inaccuracy?

[vijayraghav-io]

/attempt #837

Options

• Cancel my attempt

[algora-pbc]

💡 @vijayraghav-io submitted a pull request that claims the bounty. You can visit your bounty board to reward.