stores/temporal-access/store.fga.yaml

model: |
  model
    schema 1.1

  type user

  type document
    relations
      define viewer: [user, user with temporal_access]

  condition temporal_access(grant_time: timestamp, grant_duration: duration, current_time: timestamp) {
     current_time < grant_time + grant_duration
  }

tuples:
    - user: user:bob
      relation: viewer
      object: document:1

    - user: user:anne
      relation: viewer
      object: document:1
      condition: 
        name: temporal_access
        context: 
          grant_time : "2023-01-01T00:00:00Z"
          grant_duration : 1h

    - user: user:anne
      relation: viewer
      object: document:2
      condition: 
        name: temporal_access
        context: 
          grant_time : "2023-01-01T00:00:00Z"
          grant_duration : 5s

tests:
  - name: Test temporal access
    check:
    - user: user:anne
      object: document:1
      context: 
        current_time: "2023-01-01T00:10:00Z"
      assertions:
        viewer: true

    - user: user:anne
      object: document:1
      context: 
        current_time: "2023-01-01T02:00:00Z"
      assertions:
        viewer: false

    - user: user:anne
      object: document:2
      context: 
        current_time: "2023-01-01T00:00:09Z"
      assertions:
        viewer: false

    - user: user:bob
      object: document:1
      assertions:
        viewer: true
  - name: Test the documents that anne can view
    list_objects:
      - user: user:anne
        type: document
        context: 
          current_time: "2023-01-01T00:00:01Z"
        assertions:
          viewer: 
            - document:1
            - document:2

  - name: Test the users that can view document:1
    list_users:
      - object: document:1
        context: 
          current_time: "2023-01-01T00:00:01Z"
        user_filter:
          - type: user
        assertions:
          viewer:
            users: 
              - user:anne
              - user:bob

  - name: Test the users that can view document:2
    list_users:
      - object: document:2
        context: 
          current_time: "2023-01-01T00:00:01Z"
        user_filter:
          - type: user
        assertions:
          viewer:
            users: 
              - user:anne