10/28/2021, 10:55 PM
It looks like you want to include more relations in the permission, like:
permission view = viewer + editor + owner
permission edit = editor + owner
To clarify, when you write a relation like this:
relation editor: user | portfolio#owner | group#member
What you're saying is "Let (spicedb) users write relationships for this namespace where the subject is a user, or the subject is an owner of a portfolio or the subject is a member of a group" - but those relationships still need to be written into the db by someone (you)
are what let you compute over relationships, which is probably what you were going for:
permission view = viewer + editor + owner
This says "we'll pretend there's a
relationship between resource and the subject if there's a relationship that says the subject is a viewer, editor, or owner of the resource"