RobertM
01/12/2023, 7:32 AM
marcusgrass
01/12/2023, 9:30 AM
marcusgrass
01/12/2023, 9:33 AM

definition user {}

definition organization {
    relation member: user
    relation admin: user
    permission read_any_module = member + admin
    permission edit_any_module = admin
}

definition module {
    relation creator: user
    relation owner: organization
    relation sudo: user:* with escape_hatch
    permission read = sudo + creator + owner->read_any_module
    permission edit = sudo + creator + owner->edit_any_module
}

/** disregard using a string that's actually a bool when bool is a datatype, it's just messing around, ideally we'd be able to have a no-arg caveat here, like escape_hatch() but that doesn't parse right **/
caveat escape_hatch(open string) {
    open == "true"
}

What we'd like to achieve is that any user can access any resource if the context is provided, but since we can't wildcard resources we have to create a relationship with every module that specifically maps a wildcard user with escape_hatch to sudo. We don't have to do data-duplication so it's workable, but it isn't very economical in terms of data-storage. Is there a better way to achieve a similar setup?
vroldanbet
01/12/2023, 10:56 AM
Unhinged
01/12/2023, 11:20 AM
Unhinged
01/12/2023, 11:32 AM
marcusgrass
01/12/2023, 11:33 AM
vroldanbet
01/12/2023, 12:07 PM
vroldanbet
01/12/2023, 12:08 PM
vroldanbet
01/12/2023, 12:26 PM
vroldanbet
01/12/2023, 12:42 PM
pdevlin
01/12/2023, 11:41 PM
Joey
01/13/2023, 12:03 AM
_nicob
01/13/2023, 7:15 AM
vroldanbet
01/13/2023, 9:33 AM
dguhr84
01/13/2023, 10:40 AM
ilyaobukhov
01/13/2023, 4:05 PM
Joey
01/13/2023, 4:11 PM
ilyaobukhov
01/13/2023, 4:15 PM
Joey
01/13/2023, 4:15 PM
Joey
01/13/2023, 4:15 PM
syebaurgh
01/13/2023, 7:01 PM
Joey
01/13/2023, 7:11 PM
syebaurgh
01/13/2023, 7:16 PM
Joey
01/13/2023, 7:19 PM
syebaurgh
01/13/2023, 7:21 PM
Joey
01/13/2023, 7:24 PM
Joey
01/13/2023, 7:24 PM
syebaurgh
01/13/2023, 7:30 PM
syebaurgh
01/13/2023, 7:32 PM