Content-Change Check Requests are a special kind of Check Request that should be used before applications modify protected content.
The primary difference between regular checks and content-change checks is that content-change checks do not require a Zookie because they are always evaluated at the latest revision. The Zookie returned by a Content-Change Check Response is intended to be saved alongside the protected content, so that the application can use it in future Check requests. This avoids the New Enemy Problem.
The following pseudo-code represents the desired usage of this API:
Additional Protocol Buffer definitions used
A Content-Change Check Response contains two values:
- a boolean that indicates whether provided
useris a member of the provided
- a Zookie
- INVALID_ARGUMENT: a provided value has failed to semantically validate
- RESOURCE_EXHAUSTED: processing the request surpassed the maximum depth of relationship resolution
- FAILED_PRECONDITION: a specified namespace or relation does not exist
For more generic failures, see the gRPC Status Code documentation.
Code Sample Parameter Values
|Tenant Slug||The slug for your tenant|
|Namespace||The namespace containing the object to check|
|Object ID||The ID of the object to check|
|Relation||The relation to check for the object|
|User namespace||The namespace for users in your tenant|
|User ID||The ID of the user against which to check|