https://authzed.com logo
#spicedb
Title
# spicedb
a

Alexey S

02/04/2022, 4:20 PM
Hello guys. I'm a newbie to spicedb and trying to play around with different cases and models (to train myself and understand the limits). I have a case which I want to simulate. Let's imagine we have a simple chat app. There are a couple of domain entities: - company - user - chat - message Users and chats belong to company. Company could have an admin. Chats could have members (users) from different companies. Messages apparently belongs to the chat. I want to build the permission model in which the admin of the company could have an access to all messages within all groups with the company users (including the case when user is a part of group which belongs to different company). I built a model for that, but I think (hope) it could be done much more elegant.
Copy code
definition user {
    // hack for accessing company admin
    relation company: company
    permission company_admin_access = company->admin
}

definition company {
    relation member: user
    relation admin: user
}

definition chat {
    relation member: user
    relation company: company

    // hack for providing access for company's admin in case the group belongs to other company
    permission read = member + company->admin + member->company_admin_access
}

definition message {
    relation chat: chat
    permission read = chat->read
}
Here is my playground with the schema, test data and assertions. https://play.authzed.com/s/wMeYSz8cZCI4/schema Would be happy if you could direct me on how to simplify it (for example avoiding backlink to the company in user).