DharsanB
12/12/2023, 10:28 AMdefinition user {}
definition project {
relation issue_creator: role#member
relation issue_assigner: role#member
relation any_issue_resolver: role#member
relation assigned_issue_resolver: role#member
relation comment_creator: role#member
relation comment_deleter: role#member
relation role_manager: role#member
permission create_issue = issue_creator
permission create_role = role_manager
}
definition role {
relation project: project
relation member: user
relation built_in_role: project
permission delete = project->role_manager - built_in_role->role_manager
permission add_user = project->role_manager
permission add_permission = project->role_manager - built_in_role->role_manager
permission remove_permission = project->role_manager - built_in_role->role_manager
}
definition issue {
relation project: project
relation assigned: user
permission assign = project->issue_assigner
permission resolve = (project->assigned_issue_resolver & assigned) + project->any_issue_resolver
permission create_comment = project->comment_creator
// synthetic relation
permission project_comment_deleter = project->comment_deleter
}
definition comment {
relation issue: issue
permission delete = issue->project_comment_deleter
}
DharsanB
12/12/2023, 10:49 AMvroldanbet
12/12/2023, 10:51 AMvroldanbet
12/12/2023, 10:52 AMresource-type:resource-id#relation@subject-type:subject-id#relation
form?DharsanB
12/13/2023, 10:07 AMDharsanB
12/13/2023, 7:20 PMvroldanbet
12/14/2023, 7:50 AMWriteRelationships
API.
An example with zed
would look like this (which under the hood does WriteRelationships
):
zed relationship create project:my_project_id issue_creator role:my_role_id member
The key here is that for the subject you must specify the relation member
vroldanbet
12/14/2023, 7:51 AMvroldanbet
12/14/2023, 7:51 AMDharsanB
12/14/2023, 1:13 PMDharsanB
12/14/2023, 1:19 PMvroldanbet
12/14/2023, 1:59 PM