Bryan
12/04/2021, 3:17 AM
read, write, admin, etc. They are a set of permissions which GitHub decides and they cannot be changed. Your playground is an excellent example of how we can model those. The difficult situations come with custom roles. Orgs can have custom roles, which are roles that represent a collection of permissions that the org admins can hand-pick.
So if a user has the write role on a repo, I can follow your playground and make a write role a relation on the repository definition. But if a user has a custom role, it's trickier. I can't write it directly into the schema like write because I don't know the permissions the custom role allows. The custom role can have permissions dynamically added and removed at the org admins' discretion.