10/21/2022, 8:47 AM
Hello, I need to design a schema where two criteria have to be met for a folder access: Membership of a user group and a license for the module. I came up with the following schema. I used & for a logical AND operator and it seems to work. However, I did not find documentation on the usage. Is this a good approach? Can you point me to some documentation? definition folder { relation reader: usergroup relation editor: usergroup relation shown_in: module relation edited_in: module // direct children only relation direct_child: folder permission edit = editor->member + organization->admin permission read_artifacts = reader->member + edit permission edit_in_module = edit & edited_in->access_to permission read_in_module = read_artifacts & shown_in->access_to } definition module { relation owner: system relation has_license: user permission access_to = has_license + owner->support } definition usergroup { relation direct_member: user permission member = direct_member }