# spicedb

Jonathan Whitaker

10/28/2021, 10:39 PM
I have a schema that looks like this:
```
definition user {}

definition group {
    relation member: user | group#member
}

definition portfolio {
    relation owner: user
    relation viewer: user | portfolio#editor | group#member
    relation editor: user | portfolio#owner | group#member

    permission view = viewer
    permission edit = editor
}
```
I write a relation and then subsequently read a relation. Here's the read that I get back:
```json
{
  "readAt": {
    "token": "GgMKATQ="
  },
  "relationship": {
    "relation": "owner",
    "resource": {
      "objectId": "1",
      "objectType": "portfolio"
    },
    "subject": {
      "object": {
        "objectId": "jonwhit",
        "objectType": "user"
      }
    }
  }
}
```
If I do a `check(portfolio:1, view, user:jonwhit)` I get `PERMISSIONSHIP_NO_PERMISSION`. Shouldn't that user have the permission since he is an owner and owners are editors and editors can view?