Description
Describe the bug
The Lookup Entity API doesn't pass context to the permission check operation of an entity's relation. Subject Permission / Check Access Control both work appropriately.
To Reproduce
Here is a shortened version of the schema used in my app:
rule check_org_in_parent_tree (org_id string) {
    org_id in context.data.parents
}

entity Organization {
    relation parent @organization
    attribute org_id string
    action TOP_TO_DOWN = check_org_in_parent_tree(org_id)
}

entity PublishedApplication {
    relation granted_top_to_down_org @organization
    permission granted_top_to_down_perm = granted_top_to_down_org.TOP_TO_DOWN
    action LIST_VIEW = granted_common_perm
}
Parents in the context data is a list of the users' orgs, walked up to the root org, which is pre-computed on my server.
When using the Lookup Entity API to search for entities with the LIST_VIEW action, even with the correct context passing the parents list, it won't use the context's parents list in the granted_top_to_down_perm permission check. Therefore the returned entity IDs are not complete.
But the Subject Permission / Check Access Control APIs both correctly return CHECK_RESULT_ALLOWED by judging with the context's parents list.
Expected behavior
When the Subject Permission / Check Access Control APIs return CHECK_RESULT_ALLOWED, the Lookup Entity API should return all the right entity IDs by using the context to do permission checks.
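
The invariant stated under "Expected behavior" can be written as a differential test: the Lookup Entity result must equal the set of entities for which a per-entity check returns allowed under the same context. The following is an added toy model, not Permify code and not from the original report; the ids in `GRANTS`, the `DIRECT` context-free path and the `forward_context` switch are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    parents: tuple  # pre-computed org chain up to the root (context.data.parents)

# Constructed data: application id -> org_id of its granted_top_to_down_org
GRANTS = {"app-1": "org-root", "app-2": "org-sales", "app-3": "org-other"}
# Hypothetical stand-in for permissions that do not depend on context
DIRECT = {"app-4"}
ALL_APPS = sorted(set(GRANTS) | DIRECT)

def check_org_in_parent_tree(org_id, context):
    """Models the rule: org_id in context.data.parents."""
    parents = context.parents if context is not None else ()
    return org_id in parents

def check(app_id, context):
    """Models a per-entity check of LIST_VIEW on one PublishedApplication."""
    if app_id in DIRECT:
        return True
    return check_org_in_parent_tree(GRANTS[app_id], context)

def lookup_entity(context, forward_context=True):
    """Models Lookup Entity for LIST_VIEW.

    forward_context=False models the reported behaviour: the context is
    dropped before the relation's permission is evaluated.
    """
    inner = context if forward_context else None
    return [a for a in ALL_APPS if check(a, inner)]

def lookup_matches_check(context, forward_context=True):
    """Invariant: lookup result == {entity : check(entity) is allowed}."""
    expected = [a for a in ALL_APPS if check(a, context)]
    return lookup_entity(context, forward_context) == expected

if __name__ == "__main__":
    ctx = Context(parents=("org-sales", "org-root"))
    print("context forwarded:", lookup_entity(ctx))
    print("context dropped:  ", lookup_entity(ctx, forward_context=False))
    print("invariant holds:  ", lookup_matches_check(ctx, forward_context=False))
```

Run against a real deployment, the same comparison (one lookup call versus a check call per candidate entity, both with identical context) makes a useful regression test for this class of authorization inconsistency.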