https://authzed.com logo
Join Discord
Powered by
naming conventions
# spicedb
j
Hi. Are there any good naming conventions for authorization parameters and data structures? Like a naming convention (to avoid bike shedding) for permissions, feature flags, + strategies for nesting/flat data structures etc in client-facing APIs. – I am currently working out how to represent my Spice DB schema in GraphQL for my UI (webapp client) to know what to display and/or mutate. Any link and/or quick two cents is appreciated. Thanks<3
j
What I've always done is: permissions get named with a verb, from the end user's point of view, e.g. 
view
, 
delete
, 
create_user
(on some container), etc relations get named with the actual relationship that the subject has to the resource, e.g. if you were to write a sentence "Jake is a reader of document ABC" to describe the relationship, the relation name would be 
reader
, they often end in 
-er
objects get the singular form of their type name, e.g. 
user
, 
document
, 
folder
synthetic relations (i.e. the permissions that get created to work around the lack of nested arrows) are named by converting the arrow to an underscore e.g. 
permission parent_view = parent->view
nesting as a naming concept never really comes up outside of picking the relation name for the object under which an object is nested e.g. 
relation parent: folder
or 
relation folder: folder
for the relation to a nesting context
and that usually depends on whether you want to have polymorphic nesting contexts with a duck typed interface, e.g. 
relation parent: folder | organization
and then 
permission view = reader + parent->view
j
ah, this is great. thanks!
PreviousNext
Powered by