did you have any chance to update the Java library?

the library should be fine, the update to the guide is in review here: https://github.com/authzed/docs/pull/31

here is the preview of the work in review: https://docs-git-fork-samkim-main-authzed.vercel.app/guides/first-app

ah, perfect! Thanks!

In the meanwhile I've been playing around on the playground, though when I click 'Run' I always get:

Already disabled all browser plugins, using the latest Google Chrome. Network tab and console looks ok-ish to me 🙂

The RBAC example works though...

here what I've put in 🙂

you can't use parens in a relationship

ah, silly me 🙂

we'll see if we can work on the error

What I'm trying to model:

user 'Julie' has the role 'coach' and 'writer' for the document 'notes'

, does that make sense?

can you send a share link?

sure, one sec

btw, I really like the playground, well done!

what is the relationship between a named role and a document? in the basic RBAC example, I would presume you would just add patient and coach as relationships on

document

ideally the document has no direct relationship to a role

have you seen the UDR blog pos?

don't think so, I'll dive into that then

Thanks!

you're welcome!

@User I also re-hashed UDR a bit yesterday in the Google Groups blog post and video: https://authzed.com/blog/build-you-a-google-groups/

in the "Per-Group Permissions" section

oh, cool

HI! Is there an ABAC example that I can look at? I tried modelling an

attribute

as an object but I don't think my permission expression is correct. I am assuming an "exist" operator which I am not sure works.

definition user {}
definition attribute {}

definition group {
    relation member: user
    relation special: attribute
    permission special_access =  member & special 
}

Hi everyone. I'm modeling the permissions in my application and I have the typical

organization

and

user

definitions that you'd see in most examples. I've also read through the github and watched the google groups blog posts, but I haven't found a elegant/recommended/typical way to model an

edit

permission on a user. In my model, the only ones that should be allowed to edit a user's profile are: * The user themself * An administrator. I've modeled the ability to edit one's personal profile with a

self

relation in the

user

definition, but it seems inelegant. Is there a simpler pattern that I'm missing? Thanks in advance.

definition user {
    relation self: user
    relation viewer: user
    relation organization: organization

    permission edit = self + organization->create_user
    permission view = viewer + edit + organization->member
}

definition organization {
    relation admin: user
    relation direct_member: user
    permission member = admin + direct_member
    
    permission create_user = admin
}

@User as of this moment, nothing more elegant. We actually have an issue already filed for `self`: https://github.com/authzed/spicedb/issues/338

if you don't mind, please add your example to the issue 🙂