https://authzed.com logo
#spicedb
Title
# spicedb
a

Arash

01/24/2022, 7:02 PM
Hi everyone. I'm modeling the permissions in my application and I have the typical
organization
and
user
definitions that you'd see in most examples. I've also read through the github and watched the google groups blog posts, but I haven't found a elegant/recommended/typical way to model an
edit
permission on a user. In my model, the only ones that should be allowed to edit a user's profile are: * The user themself * An administrator. I've modeled the ability to edit one's personal profile with a
self
relation in the
user
definition, but it seems inelegant. Is there a simpler pattern that I'm missing? Thanks in advance.
Copy code
definition user {
    relation self: user
    relation viewer: user
    relation organization: organization

    permission edit = self + organization->create_user
    permission view = viewer + edit + organization->member
}

definition organization {
    relation admin: user
    relation direct_member: user
    permission member = admin + direct_member
    
    permission create_user = admin
}