Hi again, I came up with a different schema to implement our app modules. My idea is having the same ID for all modules and a module specific permission for each module. I think that will better suit our needs as we will have only a small number of modules and if we introduce new modules later, we just change the schema and that's it, without the need to migrate the folder relationships (as the ID will not change). However, it feels a bit like cheating as the ID will be the same. Any thoughts on whether this is a good idea or not are welcome.
definition folder {
relation reader: usergroup
relation editor: usergroup
// same module ID used for all modules
relation shown_in_any_module: module
// direct children only
relation direct_child: folder
permission edit = editor->member + organization->admin
permission read_artifacts = reader->member + edit
permission traversable = read_artifacts + direct_child->traversable
// permissions for module A
permission edit_in_a = edit & shown_in_any_module->a_user
permission read_in_a = read_artifacts & shown_in_any_module->a_user
permission traversable_in_a = traversable & shown_in_any_module->a_user
// permissions for module B
permission edit_in_b = edit & shown_in_any_module->b_user
permission read_in_b = read_artifacts & shown_in_any_module->b_user
permission traversable_in_b = traversable & shown_in_any_module->b_user
}
definition module {
// module ID is identical for all modules, relation is specific for each module
relation has_licence_for_a: user
relation has_licence_for_b: user
permission a_user = has_licence_for_a
permission b_user = has_licence_for_b
}