janjiss
03/23/2023, 5:09 PMWorksheet
Stage
Step
Basically Worksheet has many Stages and Stage has many Steps.
I've represented this in SpiceDB the following way:
definition user {
}
definition worksheet {
relation viewer: user
permission view = viewer
}
definition stage {
relation worksheet: worksheet
relation viewer: user
permission view = worksheet -> view + viewer
}
definition step {
relation stage: stage
relation viewer: user
permission view = stage -> view + viewer
}
In other words, if I have access to worksheet, then I have access to all the stages and steps
There are really two questions -
1) Say I have access to Worksheet, but I wanted to block a specific user from accessing a step, what's the best way to achieve that?
2) One of the indications in the app that we currently use to figure out wether or not to show a Worksheet is - Does a user have a view permission on a step? Do I need to create a relation entry of user on a Worksheet every time if I wanted to query all Worsheets? Or should I set up some sort of reverse hierarchy to achieve this?