feat: add warning for mixed operators without parentheses#2786
Open
ivanauth wants to merge 3 commits intoauthzed:mainfrom
Open
feat: add warning for mixed operators without parentheses#2786ivanauth wants to merge 3 commits intoauthzed:mainfrom
ivanauth wants to merge 3 commits intoauthzed:mainfrom
Conversation
github-actions
bot
added
the
area/tooling
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
aa2be07 to
6a03a3d
Compare
ivanauth
changed the title
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2786 +/- ##
==========================================
- Coverage 73.80% 73.75% -0.04%
==========================================
Files 493 493
Lines 59295 59447 +152
==========================================
+ Hits 43755 43841 +86
- Misses 12384 12438 +54
- Partials 3156 3168 +12 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Member
|
@ivanauth this won't actually work in all cases, because expressions can cross multiple lines. Instead, this should likely be done by marking the expression during compilation with a piece of metadata, and having the warnings generator read that metadata |
github-actions
bot
added
area/schema
Contributor
Author
|
Switched from source-scanning to compile-time metadata detection per review feedback. Added |
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
88ff553 to
6952dbd
Compare
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
e292e69 to
5c2b616
Compare
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
ebb6aa6 to
23d2a00
Compare
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
f5d430a to
87f6a1e
Compare
Add a lint warning when permission expressions mix operators (union, intersection, exclusion) at the same scope level without explicit parentheses (e.g., `viewer - blocked & editor`). The warning is suppressible via `// spicedb-ignore-warning: mixed-operators-without-parentheses`. Introduces NodeTypeParenthesizedExpression in the parser to track explicit parentheses in the AST, enabling accurate detection of mixed operators at the same scope level. Fixes authzed/zed#598
ivanauth
force-pushed
the
fix/issue-598-mixed-operators-warning
branch
from
87f6a1e to
1742057
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When writing permission expressions like
viewer - blocked & editor, it's easy to assume arithmetic-style precedence. But SpiceDB's actual precedence (exclusion binds loosest, then intersection, then union) can lead to unexpected behavior.This adds a lint warning that flags mixed operators at the same scope, nudging users to add parentheses and make their intent explicit.
Example:
The warning can be suppressed with:
Fixes authzed/zed#598