From c395a44bf631a531783d6b3d004f332755bf2a20 Mon Sep 17 00:00:00 2001
From: Markus Thielker
Date: Fri, 4 Apr 2025 16:00:00 +0200
Subject: [PATCH] NORY-59: add new script to create Keto relationships
---
docker/ory-dev/keto-add-permission-to-role.sh | 31 +++++++++++++++++++
docker/ory-dev/keto-add-permission.sh | 26 ++++++++++++++++
docker/ory-dev/ory/keto/keto.yaml | 2 ++
3 files changed, 59 insertions(+)
create mode 100644 docker/ory-dev/keto-add-permission-to-role.sh
create mode 100644 docker/ory-dev/keto-add-permission.sh
diff --git a/docker/ory-dev/keto-add-permission-to-role.sh b/docker/ory-dev/keto-add-permission-to-role.sh
new file mode 100644
index 0000000..9a0f7fa
--- /dev/null
+++ b/docker/ory-dev/keto-add-permission-to-role.sh
@@ -0,0 +1,31 @@
+# this script gives the referenced identity the admin role
+# make sure to provide the id of the identity
+
+# check if a identity id argument was provided
+if [ $# -ne 4 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# set user id variable
+OBJECT=$1
+RELATION=$2
+ROLE=$3
+ROLE_RELATION=$4
+
+# execute curl to Ory Keto write endpoint
+curl --request PUT \
+ --url http://localhost:4467/admin/relation-tuples \
+ --data '{
+ "namespace": "permissions",
+ "object": "'"$OBJECT"'",
+ "relation": "'"$RELATION"'",
+ "subject_set": {
+ "namespace": "roles",
+ "object": "'"$ROLE"'",
+ "relation": "'"$ROLE_RELATION"'"
+ }
+ }'
+
+# write success response to terminal
+echo "Added relation Permissions:$OBJECT#$RELATION@(Roles:$ROLE#$RELATION)"
diff --git a/docker/ory-dev/keto-add-permission.sh b/docker/ory-dev/keto-add-permission.sh
new file mode 100644
index 0000000..5812ce3
--- /dev/null
+++ b/docker/ory-dev/keto-add-permission.sh
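Review bot: In keto-add-permission-to-role.sh the `--data` body is built by pasting `$OBJECT`, `$RELATION`, `$ROLE` and `$ROLE_RELATION` directly between JSON quotes, so an argument containing `"` or `\` produces invalid JSON or a relation tuple with fields the caller did not intend; keto-add-permission.sh builds its body the same way. Letting `jq -n --arg` construct the body (assuming jq is available in the dev environment) escapes the values. curl also runs without `--fail` and its exit status is never checked, so in both scripts the closing echo reports success even when Keto rejects the write. That echo additionally prints `Roles:$ROLE#$RELATION` although the tuple was written with `$ROLE_RELATION`.

```shell
# … unchanged: argument count check and variable assignments …

# build the body with jq so quotes and backslashes in the arguments are escaped
BODY=$(jq -n \
  --arg object "$OBJECT" \
  --arg relation "$RELATION" \
  --arg role "$ROLE" \
  --arg role_relation "$ROLE_RELATION" \
  '{namespace: "permissions", object: $object, relation: $relation,
    subject_set: {namespace: "roles", object: $role, relation: $role_relation}}') || exit 1

# --fail makes curl exit non-zero on an HTTP error status
curl --fail --silent --show-error --request PUT \
  --url http://localhost:4467/admin/relation-tuples \
  --data "$BODY" || exit 1

# report the relation that was actually written
echo "Added relation Permissions:$OBJECT#$RELATION@(Roles:$ROLE#$ROLE_RELATION)"
```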
@@ -0,0 +1,26 @@
+# this script gives the referenced identity the provided permission
+# make sure to provide the id of the identity
+
+# check if a required arguments were provided
+if [ $# -ne 3 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# set variables from input
+OBJECT=$1
+RELATION=$2
+IDENTITY_ID=$3
+
+# execute curl to Ory Keto write endpoint
+curl --request PUT \
+ --url http://localhost:4467/admin/relation-tuples \
+ --data '{
+ "namespace": "permissions",
+ "object": "'"$OBJECT"'",
+ "relation": "'"$RELATION"'",
+ "subject_id": "'"$IDENTITY_ID"'"
+ }'
+
+# write success response to terminal
+echo "Added permission $OBJECT#$RELATION@$IDENTITY_ID"
diff --git a/docker/ory-dev/ory/keto/keto.yaml b/docker/ory-dev/ory/keto/keto.yaml
index 21dad3d..2be94ad 100644
--- a/docker/ory-dev/ory/keto/keto.yaml
+++ b/docker/ory-dev/ory/keto/keto.yaml
@@ -22,6 +22,8 @@ dsn: postgres://postgres:postgres@ory-postgres:5432/keto?sslmode=disable&max_con namespaces: - id: 0 name: roles + - id: 1 + name: permissions serve: read: