Hi everyone. I'm modeling the permissions in my ap...
# spicedb
Hi everyone. I'm modeling the permissions in my application and I have the typical
definitions that you'd see in most examples. I've also read through the github and watched the google groups blog posts, but I haven't found a elegant/recommended/typical way to model an
permission on a user. In my model, the only ones that should be allowed to edit a user's profile are: * The user themself * An administrator. I've modeled the ability to edit one's personal profile with a
relation in the
definition, but it seems inelegant. Is there a simpler pattern that I'm missing? Thanks in advance.
Copy code
definition user {
    relation self: user
    relation viewer: user
    relation organization: organization

    permission edit = self + organization->create_user
    permission view = viewer + edit + organization->member

definition organization {
    relation admin: user
    relation direct_member: user
    permission member = admin + direct_member
    permission create_user = admin