bryana
12/03/2021, 4:58 PMdefinition github/repository_unlock {
relation unlocker: github/user
permission access = unlocker
}
definition github/repository {
relation unlock: github/repository_unlock
permission manage_settings = unlock->access
}
However, there is a validation that says that a user cannot have a repo unlock unless they are a staff member. I think I could model that by:
definition github/site {
relation staff_member: github/user
permission staff_access = staff_member
}
definition github/repository_unlock {
relation unlocker: github/user
relation site: github/site
permission access = unlocker & site->staff_access
}
That, however, comes with the big tradeoff that I have to create a relationship for every repository_unlock object to the site (I think a wildcard would help here but that’s another story). If I removed this staff member “validation” in the permission check it is something I could check instead at the point I’m generating the repository_unlock unlocked relations and leave it out of the schema. WDYT?