connor
06/16/2022, 5:07 PMconnor
06/16/2022, 5:08 PMconnor
06/16/2022, 5:09 PM{
"level": "error",
"module": "pgx",
"args": [],
"err": "ERROR: relation \"metadata\" does not exist (SQLSTATE 42P01)",
"pid": 1845518,
"sql": "SELECT unique_id FROM metadata",
"time": "2022-06-16T17:01:04Z",
"message": "Query"
}
and from the schema write attempt: {
"level": "error",
"module": "pgx",
"args": [],
"err": "ERROR: relation \"namespace_config\" does not exist (SQLSTATE 42P01)",
"pid": 1845518,
"sql": "SELECT serialized_config, timestamp FROM namespace_config",
"time": "2022-06-16T17:06:28Z",
"message": "Query"
}
Joey
06/16/2022, 5:31 PMmigrate
command?connor
06/16/2022, 7:35 PMconnor
06/16/2022, 7:38 PMsh
or bash
is available for that image so I guess I just need to run spicedb
locally on my machineJoey
06/16/2022, 7:40 PMconnor
06/16/2022, 7:45 PMyetitwo
06/16/2022, 8:19 PMJoey
06/16/2022, 8:48 PMJoey
06/16/2022, 8:48 PMyetitwo
06/16/2022, 10:05 PMyetitwo
06/16/2022, 10:06 PMyetitwo
06/16/2022, 10:06 PMcaiokf
06/16/2022, 10:37 PMJoey
06/16/2022, 10:55 PMJoey
06/16/2022, 10:56 PMcaiokf
06/16/2022, 11:06 PMJoey
06/16/2022, 11:18 PMzed validate
and the validate CI systemJoey
06/16/2022, 11:19 PMJoey
06/16/2022, 11:19 PMcaiokf
06/16/2022, 11:33 PMJoey
06/16/2022, 11:34 PMzed
locallyJoey
06/16/2022, 11:34 PMJoey
06/16/2022, 11:34 PMzed validate file.yaml
will validate the playground downloaded fileSatz
06/17/2022, 6:15 AMyetitwo
06/17/2022, 6:22 PMdefinition user {
relation persona: user
}
definition thing {
relation reader: user
relation writer: user
permission read: reader + writer
permission write: writer
}
the "persona" notion is that a user may have personas which only have access to some subset of the things which the user can see. the concrete use case is a salesperson with access to many things showing a prospective customer what it looks like to be a user in the system with various levels of privilege.
it seems like this model should suffice. however, one of my coworkers asked me whether it's possible to get a list of all personas with read access on a thing, and then get a list of all nonpersona users with read access on a thing. it''d be filtering on whether a given user has a persona relation pointing at it. is there a way to express this in a ReadRelationships
request? if not, is there a better way of asking the question, or of modeling this such that that question is answerable?
we could theoretically move the question outside of spicedb by having a naming convention for "persona" users vs normal users and then doing a string filter on the output of a Read request, but i'm wondering if there's another way of approaching it.Joey
06/17/2022, 6:57 PMJoey
06/17/2022, 6:57 PMpersona
as its own typeJoey
06/17/2022, 6:58 PMdefinition user {}
definition persona {}
definition thing {
relation reader: user | persona
}