yetitwo
06/17/2022, 6:22 PM
definition user {
  relation persona: user
}
definition thing {
  relation reader: user
  relation writer: user
  permission read: reader + writer
  permission write: writer
}
the "persona" notion is that a user may have personas which only have access to some subset of the things which the user can see. the concrete use case is a salesperson with access to many things showing a prospective customer what it looks like to be a user in the system with various levels of privilege.
it seems like this model should suffice. however, one of my coworkers asked me whether it's possible to get a list of all personas with read access on a thing, and then get a list of all nonpersona users with read access on a thing. it'd be filtering on whether a given user has a persona relation pointing at it. is there a way to express this in a ReadRelationships request? if not, is there a better way of asking the question, or of modeling this such that that question is answerable?
we could theoretically move the question outside of spicedb by having a naming convention for "persona" users vs normal users and then doing a string filter on the output of a Read request, but i'm wondering if there's another way of approaching it.