ptrharmonic
05/09/2024, 12:01 AM
```
definition user {}
definition group {
    relation member: user
    permission read = member
}
```
where members of a group are granted read permission on a group. In the database I'm modeling this with, `group`s have a flag called `is_public`, and when it is `True` it should allow any user to be able to read it. How would I go about modeling it? I'm guessing it has something to do with caveats since this is really an ABAC question but I'm a bit lost
Alec
05/09/2024, 12:11 AM
```
definition user {}
definition group {
    relation member: user
    relation reader: user | user:*
    permission read = member + reader
}
```
In this case you write a reader relation to user:* for public groups.
ptrharmonic
05/09/2024, 12:15 AM
Alec
05/09/2024, 12:28 AM
Joey
05/09/2024, 12:38 AM
Joey
05/09/2024, 12:38 AM
ptrharmonic
05/09/2024, 1:08 AM
Joey
05/09/2024, 1:13 AM
Joey
05/09/2024, 1:13 AM
Joey
05/09/2024, 1:14 AM
Joey
05/09/2024, 1:14 AM