I have a resource hierarchy like below:
definition user {}
definition project {
    relation editor: user
    permission edit = editor
}
definition folder {
    relation parent_project: project
    relation editor: user
    permission edit = editor + parent_project->edit
}
1. A project can contain 1 million folders
2. In our use case we only have 100s of folders which can be shared out of the 1 million with others
3. How can we model this concept without storing one million folder relationships between folder and parent_project, and instead only store the relationships for the folders which are shareable?
4. How do I make checkPermission return true for folders for which I have not defined a relationship with the project (because they are not shareable with others) but which are still accessible to the project editor?
I can only think of this application logic:
-- check if a relation exists between the folder and the project, then perform the checkPermission on the folder,
else checkPermission on the project.
I am trying to look for a more elegant solution which can do this in a single checkPermission, unless you think the above logic is the best possible solution.
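The fallback described in the post, as an added example that is not the poster's code and does not call SpiceDB: an in-memory tuple set stands in for the permission store, and `check_edit` evaluates `edit` the way the schema above defines it. The names `RELATIONSHIPS`, `FOLDER_PROJECT`, `check_edit` and `can_edit_folder` are hypothetical, and the example assumes the application can look up a folder's project in its own database.

```python
# Constructed sample data: an in-memory tuple set stands in for SpiceDB.
# Each tuple is (resource, relation, subject).
RELATIONSHIPS = {
    ("project:p1", "editor", "user:alice"),
    # Only the shared folder has relationships written.
    ("folder:shared1", "parent_project", "project:p1"),
    ("folder:shared1", "editor", "user:bob"),
}

# Assumption: the application already knows each folder's project from its
# own database, including the folders never written to the permission store.
FOLDER_PROJECT = {"folder:shared1": "project:p1", "folder:private7": "project:p1"}


def subjects(resource, relation):
    """Return every subject holding `relation` on `resource`."""
    return {s for (r, rel, s) in RELATIONSHIPS if r == resource and rel == relation}


def check_edit(resource, user):
    """Evaluate `edit` as the schema defines it for project and folder."""
    if user in subjects(resource, "editor"):
        return True
    if resource.startswith("folder:"):
        # permission edit = editor + parent_project->edit
        return any(check_edit(p, user) for p in subjects(resource, "parent_project"))
    return False


def can_edit_folder(folder, user):
    """The fallback from the post: folder check if linked, else project check."""
    if subjects(folder, "parent_project"):
        return check_edit(folder, user)
    project = FOLDER_PROJECT.get(folder)
    # Deny when the folder is unknown to the application: the project used
    # for the fallback must come from trusted data, not from the caller.
    return project is not None and check_edit(project, user)
```

A direct `check_edit("folder:private7", "user:alice")` returns false because no `parent_project` tuple exists for that folder, which is the gap question 4 describes; the wrapper closes it only for folders the application can map to a project.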