kirin2444
04/18/2024, 10:06 AM
vroldanbet
04/18/2024, 10:13 AM
definition user {}
definition document {
  relation parent: folder
  relation viewer: user
  permission view = parent->view + viewer
}
definition folder {
  relation viewer: user
  permission view = viewer
}
vroldanbet
04/18/2024, 10:17 AM
definition user {
  relation admin: document:*
}
definition document {
  relation viewer: user
  permission view = viewer
}
What this means is that now you have two ways to check for stuff
- one to check if user has access to individual resources
- one to check if user has access to all resources (inverted)
vroldanbet
04/18/2024, 10:24 AM
ALL_DOCUMENTS, which is a document that denotes all documents, and grant permission over that. Another one would be to create the higher level container like definition platform and grant permission to the user there, and then check if they have access via that resource
kirin2444
04/18/2024, 10:39 AM
vroldanbet
04/18/2024, 1:35 PM
kirin2444
04/18/2024, 2:56 PM
vroldanbet
04/18/2024, 3:34 PM
vroldanbet
04/18/2024, 3:35 PM
vroldanbet
04/18/2024, 3:37 PM
user:1 view document:4 but user:1 view ALL_DOCUMENTS and OR that with user:1 view document:4
vroldanbet
04/18/2024, 3:37 PM
CheckBulk API to do 1 call with both checks)
vroldanbet
04/18/2024, 3:38 PM
vroldanbet
04/18/2024, 3:38 PM
vroldanbet
04/18/2024, 3:40 PM