# spicedb
bryana

11/22/2021, 6:40 PM
Hello! I’m back with another question. I’m trying to model a concept we have which is “custom” roles, basically roles that consist of a set of configurable permissions and a role can be assigned to a user or a team. After a lot of trial and error I found this example https://discord.com/channels/844600078504951838/844600078948630559/905094756529471551 which helped me get it working for users as role members. Here’s what that looks like…
```
definition github/issue {
  ...
  relation repository: github/repository
  permission close = repository->close_issue
}
definition github/repository {
  ...
  relation role: github/role
  permission delete = role->delete_repo

  // synthetic permissions for objects that hang off of repo
  permission close_issue = role->close_issue
}

definition github/role {
  relation member: github/user
  relation has_delete_repo: github/role#member
  relation has_close_issue: github/role#member
  relation has_add_repo_topic: github/role#member

  permission delete_repo = member & has_delete_repo
  permission close_issue = member & has_close_issue
}
```
I now want to make this work for members of a team when that team is assigned a role, and I thought this update would work, but it's not!
```
definition github/role {
  relation member: github/user | github/team
  permission delete_repo = (member + member->membership) & has_delete_repo
  permission close_issue = (member + member->membership) & has_close_issue
}

definition github/team {
  relation maintainer: github/user
  relation member: github/user

  permission membership = maintainer + member
}
```
Here is my playground https://play.authzed.com/s/8PHCe2ITEXdm. Any ideas?