williamdclt02/25/2022, 4:55 PM
user:123 is admin of org:foo
and walk through these relations to decide permissions. Here I'd have to write
flag:new_admin_dashboard is enabled in org:foo
which doesn't make a lot of sense (
the admins of org:foo have feature_flag_new_admin_dashboard in org:foo
shouldn't really be a relationship) and encodes part of the permission logic within the relationship (the user needs to be an admin of the organisation), which makes it harder to evolve in the future.