11/22/2021, 6:40 PM
Hello! I’m back with another question. I’m trying to model a concept we have which is “custom” roles, basically roles that consist of a set of configurable permissions and a role can be assigned to a user or a team. After a lot of trial and error I found this example which helped me get it working for users as role members. Here’s what that looks like…
definition github/issue {
  relation repository: github/repository
  permission close = repository->close_issue
}

definition github/repository {
  relation role: github/role
  permission delete = role->delete_repo

  // synthetic permissions for objects that hang off of repo
  permission close_issue = role->close_issue
}

definition github/role {
  relation member: github/user
  relation has_delete_repo: github/role#member
  relation has_close_issue: github/role#member
  relation has_add_repo_topic: github/role#member

  permission delete_repo = member & has_delete_repo
  permission close_issue = member & has_close_issue
}
I now want to make this work for members of a team when that team is assigned a role, and I thought this update would work, but it's not!
definition github/role {
  relation member: github/user | github/team
  permission delete_repo = (member + member->membership) & has_delete_repo
  permission close_issue = (member + member->membership) & has_close_issue
}

definition github/team {
  relation maintainer: github/user
  relation member: github/user

  permission membership = maintainer + member
}
Here is my playground. Any ideas?