# spicedb

williamdclt

03/03/2022, 8:02 PM
Your schema can then look like:
```
definition partner {}

// One object per (org, partner) pair; object IDs look like org_id__partner_id.
definition partner_of_org {
    relation partner: partner
}

definition org {
    relation admin: user
    relation member: user
    relation partner: partner_of_org#partner

    permission view = admin + member + partner
}

definition user {
    relation self: user
    relation org: org

    permission view = self + org->admin + org->partner
}

definition transaction {
    relation org: org
    relation user: user

    // Partners can view transactions but not edit them.
    permission view = user + org->admin + org->partner
    permission edit = user + org->admin
}
```
Now, if you want to query all transactions viewable by a partner, you can look up `transaction#viewable` for `partner:partner_id`. If you want to query transactions viewable by a partner in a given org, you can look up `transaction#viewable` for `partner_of_org:org_id__partner_id`. That means you'll need your relations to be like:
```
org:qux#partner@partner_of_org:qux__bar#partner
partner_of_org:qux__bar#partner@partner:bar
transaction:quuz#org@org:qux
```