williamdclt
02/25/2022, 4:55 PMuser:123 is admin of org:foo
and flag:new_admin_dashboard is enabled in org:foo
and walk through these relations to decide permissions.
Here I'd have to write the admins of org:foo have feature_flag_new_admin_dashboard in org:foo
which doesn't make a lot of sense (feature_flag_new_admin_dashboard
shouldn't really be a relationship) and encodes part of the permission logic within the relationship (the user needs to be an admin of the organisation), which makes it harder to evolve in the future.