Check call is a call to the Authzed API to validate whether a particular user has a particular permission (via a relation) on a particular object.
Check call is formed by specifying two pieces of information:
- The test relation: A block containing the namespace, relation and object to check
- The user: A user against which to check the permission
Let's say we wanted to check if a user
read permission on object
We'd form our test relation and user as follows:
Translation: Check for user
... is a special relation that is predefined and means "use this whole object as the user"
To make a check call, issue a
CheckRequest to the API:
Check call will return whether
The optional (but recommended)
at_revision paramter on Check calls is for a Zookie, which allows for bounded staleness.
When should I specify
Ideally? Always. Specifying the
at_revision allows Authzed to validate that the permissions requested are not stale for the current version of the object.
To learn more about why this is important, read about the New Enemy Problem.