niodice
09/12/2022, 11:41 PMfoo
object and I am granting view
permissions on a foo
based on the visibility of the foo
(where visibility is an application logic, and could be only_me
, friends
, or everyone
. I have a sample schema that works
definition foo {
relation token: token
relation friends: foo
// representing the visibility settings of `foo`. Only 1 of these relations should be logically set at any given time.
relation viz_me: foo
relation viz_friends: foo
relation viz_everyone: token:*
// intermediary results
permission friends_tokens = friends->token
permission view = (viz_everyone + viz_me->token + viz_friends->friends_tokens)
}
But it is a little bit clunky. Suppose for example that a foo
is configured in the application as only_me
visibility -- meaning that only tokens with the token
relation can view it. If that changes to friends
, then I need to:
- Check if viz_me
or viz_everyone
is set, and un-set it
- Set viz_friends
relation
This pattern is common in our application and so I'm looking for a way to effectively work with this pattern. Ideally, I'd like to set just one relation and update it with something that represents the set of tokens. I think that this would be possible if I could write a statement like this:
definition foo {
relation token: token
relation friends: foo
relation viz_tokens: token
permission view = viz_tokens
}
And set the viz_tokens
, when writing the relationship, to something like token:*
, or $THIS->token
, or $THIS->friends->token
. That way I get an atomic update, and don't need to worry about managing the fact that Only 1 of these relations should be logically set at any given time.