I came up with something, but it's not very good: ...
# spicedbd
devoxel
03/14/2022, 8:00 PMI came up with something, but it's not very good: https://play.authzed.com/s/wmxWSUBCX3pu/schema
Copy code
// Compute group space collisions
// This means - any groups that have colliding spaces. EG
// groupA{ all=RW, r1=nil } + groupB{ all=RW, r2=nil } + groupC{ all=R, r2 = nil, r3 =n nil }
// Each of these groups provides a default, which means it operates on every resource.
// Any other group definition that explicitly removes a group will collide with that space.
// So, for each of these groups, compute all possible membership tuples
// (A, B) + (A, C) + (B, C)
//
// This means n!/(2*(n-2)!) * n extra rules
uninherit_group:uninherit_r1#except@group:A_B#member
uninherit_group:uninherit_r1#except@group:A_C#member
uninherit_group:uninherit_r1#except@group:B_C#member
uninherit_group:uninherit_r2#except@group:A_B#member
uninherit_group:uninherit_r2#except@group:A_C#member
uninherit_group:uninherit_r2#except@group:B_C#member
uninherit_group:uninherit_r3#except@group:A_B#member
uninherit_group:uninherit_r3#except@group:A_C#member
uninherit_group:uninherit_r3#except@group:B_C#member