Ben
03/22/2024, 4:58 AM
`ExpandPermissionTree` but the other way? Imagine a schema like this:
```
definition user {}

definition group {
    relation member: user
}

definition intersection {
    relation first: group#member
    relation second: group#member
    permission member = first & second
}

definition resource {
    relation access: user | group#member | intersection#member
    permission edit = access
}
```
If I have the following relations:
```
group:A member user:ben
group:B member user:ben
intersection:C first group:A#member
intersection:C second group:B#member
resource:doc1 access intersection:C#member
resource:doc2 access group:A#member
resource:doc3 access user:ben
```
Essentially I want a way of determining the fact that `group:A#member` influences the `edit` permission of `resource`'s [doc1, doc2]. If I do a `LookupResources` with `group:A#member` as the subject it only returns `doc2` because technically `group:A#member` doesn't match the other branch of the intersection.

This is so that when consuming changes around `group:A` I know which resources to update the index for (I know Materialize does that, but I need a solution sooner than Materialize General Availability and ideally in self-hosted too).

Please also note that this is a simplified schema compared to the actual one, so it's not necessarily as simple as just redoing a `LookupResources` for each member of `group:A` when changes happen (which is anyway not very performant)
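
An added illustration, not part of the original post and not SpiceDB's API: a small Python model of the schema and relationships above that contrasts strict evaluation (where `&` needs both branches) with an over-approximation that treats `&` as `|`, which is one possible reading of "influences". The function names and the over-approximation itself are assumptions made for this example.

```python
# Constructed model of the schema and relationships from the post above.
# Permissions: (object type, name) -> (operator, operand relations)
PERMISSIONS = {
    ("intersection", "member"): ("and", ["first", "second"]),
    ("resource", "edit"): ("or", ["access"]),
}
# Relationships: (object, relation, subject); usersets are "type:id#relation".
RELATIONSHIPS = [
    ("group:A", "member", "user:ben"),
    ("group:B", "member", "user:ben"),
    ("intersection:C", "first", "group:A#member"),
    ("intersection:C", "second", "group:B#member"),
    ("resource:doc1", "access", "intersection:C#member"),
    ("resource:doc2", "access", "group:A#member"),
    ("resource:doc3", "access", "user:ben"),
]

def reaches(obj, rel, subject, strict):
    """True if `subject` reaches obj#rel. With strict=False, '&' is treated
    as '|', so a subject on one branch of an intersection still counts.
    Assumes an acyclic relationship graph (no cycle guard)."""
    perm = PERMISSIONS.get((obj.split(":")[0], rel))
    if perm:
        op, operands = perm
        combine = all if (op == "and" and strict) else any
        return combine(reaches(obj, r, subject, strict) for r in operands)
    for o, r, s in RELATIONSHIPS:
        if (o, r) != (obj, rel):
            continue
        if s == subject:
            return True
        if "#" in s:  # userset subject: follow it one level down
            sub_obj, sub_rel = s.split("#")
            if reaches(sub_obj, sub_rel, subject, strict):
                return True
    return False

def resources_with_edit(subject, strict):
    """Resources whose `edit` permission `subject` reaches (hypothetical helper)."""
    docs = sorted({o for o, _, _ in RELATIONSHIPS if o.startswith("resource:")})
    return [d for d in docs if reaches(d, "edit", subject, strict)]

if __name__ == "__main__":
    print("strict:    ", resources_with_edit("group:A#member", strict=True))
    print("influences:", resources_with_edit("group:A#member", strict=False))
```

The non-strict result is a superset: it names resources to re-check when `group:A` changes, not resources where access is actually granted.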