liammoch
06/11/2022, 12:51 AMdefinition user {}
definition folder {
relation reader: user
relation parent_folder: folder
permission read = reader + parent_folder->read
}
definition document {
relation reader: user
relation parent_folder: folder
permission read = reader + parent_folder->read
}
Say I have documents
doc1 --- parent ---> folder1
doc2 --- parent ---> folder2
doc3 --- parent ---> folder3
joe --- reader ---> folder1
joe --- reader ---> doc3
frank ---> reader ---> folder2
I want to fetch the set of document that joe has view permissions on, either directly or indirectly and pre-program those in our PEP. I also need to watch out for changes to that set so that I can update my pre-programmed rules. I want to handle access requests for frank as usual via the Check API.