silencer.xyz
10/27/2022, 9:46 AMuser
10/27/2022, 12:17 PMuser
10/27/2022, 12:18 PMJoey
10/27/2022, 2:19 PMPrchowdh
10/27/2022, 5:54 PMtype project{
relation admin: user
}
[project,user]-> [admin]
* provided one type & relation - provide all the type can be related provided type with the mentioned relation ship.
type project{
relation admin: user
}
[project,admin ] -> [user]
* provided source , target types and relation - provide all the relation/permission of target type can be associated here
type project{
relation admin: group#all_member
}
[source : project, target : group , relation : admin ] ---> [all_member]
At this point - no such API exist - correct ?Joey
10/27/2022, 6:44 PMJoey
10/27/2022, 6:44 PMPrchowdh
10/27/2022, 6:50 PMJoey
10/27/2022, 6:51 PMColeOmni
10/27/2022, 7:13 PMpermission view = creator->manager->user
it gives me an error message: Nested arrows not yet supported
If this isn't supported, it requires us to denormalize the model, we will need to add redundant relationships for child resources. Doesn't this defeat the purpose of a relational system?Joey
10/27/2022, 7:14 PMJoey
10/27/2022, 7:14 PMpermission manager_user = manager->user
Joey
10/27/2022, 7:14 PMJoey
10/27/2022, 7:14 PMJoey
10/27/2022, 7:14 PMJoey
10/27/2022, 7:15 PM->user
under a role, you probably want that role to point to the user directlyJoey
10/27/2022, 7:15 PMColeOmni
10/27/2022, 7:32 PMdefinition user {
}
definition employee {
relation user: user
relation manager: employee
}
definition expense {
relation creator: employee
// creator of expense can view
permission view = creator->user
// manager of creator of expense can view
// multiple hierarchal lookup 'creator->manager->user' doesn't work because `Nested arrows not yet supported`
// permission view = creator->manager->user
}
// facts
// employee:abc#user@user:1
// expense:1#creator@employee:abc
// employee:xyz#user@user:2
// employee:abc#manager@employee:xyz
// assertions
// - "expense:1#view@user:1"
// - "expense:1#view@user:2"`
I tried your work-around permission manager_user = manager->user
but it also doesn't like that, it says relation/permission manager
not found under definition expense
Joey
10/27/2022, 7:39 PMemployee
Joey
10/27/2022, 7:39 PMmanager: employee#user
ColeOmni
10/27/2022, 7:45 PMchance
10/27/2022, 8:19 PMCheckPermissionResponse.Permissionship
be PERMISSIONSHIP_CONDITIONAL_PERMISSION
?
https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.CheckPermissionResponse.Permissionshipchance
10/27/2022, 8:20 PMJoey
10/27/2022, 8:21 PMchance
10/27/2022, 8:21 PMJoey
10/27/2022, 8:21 PMJoey
10/27/2022, 8:22 PMchance
10/27/2022, 8:22 PMJoey
10/27/2022, 8:22 PMchance
10/27/2022, 8:22 PM