Hi, looking for a way to manage access based on c...
# spicedb
Hi, looking for a way to manage access based on current role and target role. (+ caveats are not available on permissions). Initial thought:
```
definition resource {
    relation owner: user
    relation administrator: user
    relation editor: user
    relation viewer: user

    /**
     * `access` self access:
     * `_grant_[target_role]_for_[current_role]`: grant access for the target role based on current role of the user being modified.
     * `_revoke_[current_role]`: revoke access based on current role of the user being modified.
     */
    permission access_grant_viewer_for_viewer = owner + administrator + editor
    permission access_grant_viewer_for_editor = owner + administrator
    permission access_grant_viewer_for_administrator = owner
    permission access_grant_editor_for_viewer = owner + administrator
    permission access_grant_editor_for_editor = owner + administrator
    permission access_grant_editor_for_administrator = owner
    permission access_grant_administrator_for_viewer = owner
    permission access_grant_administrator_for_editor = owner
    permission access_grant_administrator_for_administrator = owner

    permission access_revoke_viewer = owner + administrator + editor
    permission access_revoke_editor = owner + administrator
    permission access_revoke_administrator = owner
}
```
wdyt? thx
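An added example, not part of the original post: a Python check that parses the twelve permission lines above and verifies that no actor can grant or revoke at or above their own level. It assumes the ordering viewer < editor < administrator < owner and one role per user; the function names are hypothetical.

```python
import re

# Permission lines copied from the schema in the post above.
SCHEMA = """
permission access_grant_viewer_for_viewer = owner + administrator + editor
permission access_grant_viewer_for_editor = owner + administrator
permission access_grant_viewer_for_administrator = owner
permission access_grant_editor_for_viewer = owner + administrator
permission access_grant_editor_for_editor = owner + administrator
permission access_grant_editor_for_administrator = owner
permission access_grant_administrator_for_viewer = owner
permission access_grant_administrator_for_editor = owner
permission access_grant_administrator_for_administrator = owner
permission access_revoke_viewer = owner + administrator + editor
permission access_revoke_editor = owner + administrator
permission access_revoke_administrator = owner
"""
# Assumption (not stated in the post): viewer < editor < administrator < owner.
RANK = {"viewer": 1, "editor": 2, "administrator": 3, "owner": 4}
LINE = re.compile(r"permission access_(grant|revoke)_(\w+?)(?:_for_(\w+))? = (.+)")

def parse(schema):
    """Map (action, current_role, target_role) to the set of allowed actors."""
    table = {}
    for action, first, second, expr in LINE.findall(schema):
        actors = {a.strip() for a in expr.split("+")}
        # grant names are <target>_for_<current>; revoke names carry only <current>
        key = ("grant", second, first) if action == "grant" else ("revoke", first, None)
        table[key] = actors
    return table

def allowed(table, actor, action, current, target=None):
    return actor in table.get((action, current, target), set())

def ceiling(current, target):
    return max(RANK[r] for r in (current, target) if r)

def violations(table):
    """Actors that do not strictly outrank both the current and the target role."""
    return [(a, act, cur, tgt) for (act, cur, tgt), actors in table.items()
            for a in sorted(actors) if RANK[a] <= ceiling(cur, tgt)]

def matches_rank_rule(table):
    """True if each permission is exactly 'every role above the ceiling'."""
    return all(actors == {r for r in RANK if RANK[r] > ceiling(cur, tgt)}
               for (_, cur, tgt), actors in table.items())

TABLE = parse(SCHEMA)

if __name__ == "__main__":
    print(violations(TABLE), matches_rank_rule(TABLE))
```

Running `violations` on every schema change catches an edit that lets a lower role hand out or remove a higher one.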