Hello, I need to design a schema where two criteria have to be met for a folder access: Membership of a user group and a license for the module. I came up with the following schema. I used & for a logical AND operator and it seems to work. However, I did not find documentation on the usage. Is this a good approach? Can you point me to some documentation?
definition folder {
relation reader: usergroup
relation editor: usergroup
relation shown_in: module
relation edited_in: module
// direct children only
relation direct_child: folder
permission edit = editor->member + organization->admin
permission read_artifacts = reader->member + edit
permission edit_in_module = edit & edited_in->access_to
permission read_in_module = read_artifacts & shown_in->access_to
}
definition module {
relation owner: system
relation has_license: user
permission access_to = has_license + owner->support
}
definition usergroup {
relation direct_member: user
permission member = direct_member
}