jhleao
05/10/2023, 7:24 PMdefinition app/user {}
definition app/workspace {
relation viewer: app/user
relation editor: app/user
permission read = viewer
permission write = editor
}
definition app/project {
relation workspace: app/workspace
relation viewer: app/user
relation editor: app/user
permission read = viewer + workspace->read
permission write = editor + workspace->write
}
definition app/board {
relation project: app/project
relation viewer: app/user
relation editor: app/user
permission read = viewer + project->read
permission write = editor + project->write
}
The rule we're trying to model now is, people that are part of a board
, but not part of the respective workspace
, should have a specific permission set on that workspace
, that we call "guest" permissions. Perhaps something like this pseudo code:
definition app/workspace {
permission guest_read: linked_projects->linked_boards->viewer
}
This would be the other way around of the -> operator. Making a lookup on a relation that lives on other definitions. Is this possible? Or how else would you suggest modeling this rule?