fierro9418
03/13/2024, 9:31 PMvroldanbet
03/14/2024, 8:57 AM`
definition resource {
relation enabled: user:*
relation reader: resource#enabled
relation write: resource#enabled
permission read = reader
permission write = writer
}
of you can use it in a different way, like a feature flag:
definition resource {
relation read_enabled: user:*
relation reader: user
relation write_enabled: user:*
relation write: user
permission read = reader & read_enabled
permission write = writer & write_enabled
}
`
not sure if this answers your question but hopefully provides some inspiration. If you don't mind reframing your requirements I can try againfierro9418
03/15/2024, 12:31 AMdefinition resource {
relation reader: user
permission doA = reader
permission doB = reader
permission doC = reader
}
of arbitrary complexity, I was looking to see if there's a way to
definition resource {
relation reader: user
relation readerPlusPlus: user [= based_on reader]
permission doA = reader
permission doB = reader
permission doC = reader
permission doE = readerPlusPlus
# readerPlusPlus also has doA, doB, and doC because it's based on reader.
}
So kind of how you can write permissions as computed from eachother, but for relationsvroldanbet
03/15/2024, 9:30 AMvroldanbet
03/15/2024, 9:31 AMfierro9418
03/15/2024, 11:08 PM