@definitelyBenny I agree. We're SpiceDB #spicedb

Join Discord

@definitelyBenny I agree. We're

# spicedb

Joey

04/29/2024, 7:52 PM

@definitelyBenny I agree. We're scheduled to add more to the examples repo over the next few weeks

definitelyBenny

04/29/2024, 7:57 PM

(If any of my scenarios are already handled, please feel free to tell me haha)

definitelyBenny

05/02/2024, 2:48 AM

How to take cascading permissions and optimize them to prevent duplicate checks (eg: If a user has edit, they also have view, and if they have admin they have edit and view) Bonus points if you can show how to integrate non cascading permissions into this (eg: Admin gives view and edit, but not share) How to handle default permissions on a resource. (eg: Group Y immediately gets admin rights to every resource (event newly created ones) while Group Z only gets view rights Just some thoughts, more to come

Joey

05/02/2024, 3:47 AM

first one is fairly straightforward

Joey

05/02/2024, 3:47 AM

Copy code

definition resource {
  relation admin: user
  relation editor: user
  relation viewer: user
  relation sharer: user

  permission can_admin = admin
  permission edit = editor + can_admin
  permission view = viewer + edit
  permission share = sharer
}

Joey

05/02/2024, 3:48 AM

^ any admin can also edit and view but not share

Joey

05/02/2024, 3:48 AM

default permissions you handle by writing a relationship to a singleton:

Joey

05/02/2024, 3:49 AM

Copy code

definition kind {
  relation admin: user
}

definition resource {
  relation admin: user | kind#admin
  permission can_admin = admin
}

then write

resource:whateverresourceitis#admin@kind:resource#admin

Joey

05/02/2024, 3:49 AM

and

kind:resource#admin@user:fred

Previous Next