Hello! I want to model a permission where users ar...
# spicedb
Hello! I want to model a permission where users are assigned custom roles that grant access to resources under a certain department. I'm trying to intersect the departments first and get member from the intersection result. However I'm getting
Expected end of statement or definition, found: TokenTypeRightArrow
. Is
(a & b)->c
not supported? Is there a workaround? Thanks in advance! This is the schema:
Copy code
definition user {

definition department {
  /* not real members, just so that we can map back to user type */
  relation member: user:*

definition user_role {
  relation allowed_department: department

definition company {
  relation can_read_document_role: user_role

  permission can_read_document_role_department = can_read_document_role->allowed_department

definition document {
  relation company: company
  relation department: department

  /* allow read if the department matches the one from can_read_document_role */
  permission read = (department & company->can_read_document_role_department)->member