From e30cd99c4c552609eea44653597d9bd6c951c552 Mon Sep 17 00:00:00 2001
From: mpw
Date: Mon, 21 Aug 2023 18:14:18 -0300
Subject: [PATCH 1/2] remove recursion and traverse in Organization Namespace, add explicit check for owners on view and edit permissions
---
 charts/hub-permissions/policies/namespaces.keto.ts | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/charts/hub-permissions/policies/namespaces.keto.ts b/charts/hub-permissions/policies/namespaces.keto.ts
index 1f73688..5fcc931 100644
--- a/charts/hub-permissions/policies/namespaces.keto.ts
+++ b/charts/hub-permissions/policies/namespaces.keto.ts
@@ -205,20 +205,18 @@ class Organization implements Namespace {
 owners: User[]
 editors: User[]
 viewers: User[]
- parents: Organization[]
 }
 permits = {
 view: (ctx: Context): boolean =>
 this.related.viewers.includes(ctx.subject) ||
+ this.related.owners.includes(ctx.subject) ||
 this.permits.edit(ctx),
 edit: (ctx: Context): boolean =>
 this.related.editors.includes(ctx.subject) ||
- this.permits.delete(ctx),
- invite: (ctx: Context): boolean =>
- this.permits.view(ctx),
- delete: (ctx: Context): boolean =>
 this.related.owners.includes(ctx.subject) ||
- this.related.parents.traverse((parent) => parent.permits.delete(ctx)),
+ this.permits.delete(ctx),
+ invite: (ctx: Context): boolean => this.permits.view(ctx),
+ delete: (ctx: Context): boolean => this.related.owners.includes(ctx.subject),
 }
 }
From d01812a325bcfd259e9999b1901e6527384221cb Mon Sep 17 00:00:00 2001
From: mpw
Date: Mon, 21 Aug 2023 18:16:58 -0300
Subject: [PATCH 2/2] wops, add chart.yaml
---
 charts/hub-permissions/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/hub-permissions/Chart.yaml b/charts/hub-permissions/Chart.yaml
index afb0fc5..2e6d428 100644
--- a/charts/hub-permissions/Chart.yaml
+++ b/charts/hub-permissions/Chart.yaml
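Review bot: In the `namespaces.keto.ts` hunk of patch 1/2, `invite` still resolves to `this.permits.view(ctx)`, so every subject in `viewers` may invite; if inviting changes who belongs to the organization, that is a membership action granted to the read-only role, and `invite: (ctx: Context): boolean => this.permits.edit(ctx),` would keep it with editors and owners. The added `this.related.owners.includes(ctx.subject) ||` lines in `view` and `edit` repeat a check that is already reached through the retained `this.permits.edit(ctx)` and `this.permits.delete(ctx)` calls, so either the chained calls or the explicit lines can go, depending on whether nested permit evaluation is what the commit wants to avoid. With `parents` removed, owners of a parent organization no longer inherit any permission here; a comment above `permits` such as `// owners ⊇ editors ⊇ viewers; no inheritance from parent organizations` would record that this is deliberate, and any stored `parents` relation tuples presumably need cleaning up. The `Organization` class and its `related` block begin above this hunk, so only part of them is visible.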
@@ -18,7 +18,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.4
+version: 0.4.5
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to