https://authzed.com logo
#spicedb
Title
# spicedb
c

ColeOmni

10/27/2022, 7:32 PM
My schema so far is below. I am trying to determine the view permission based on the relationships of the expense resource, but the nesting error seems to want me to only refer to direct relationships in the rules.
Copy code
definition user {
}

definition employee {
    relation user: user
    relation manager: employee
}

definition expense {
    relation creator: employee 
    // creator of expense can view
    permission view = creator->user

    // manager of creator of expense can view
    // multiple hierarchal lookup 'creator->manager->user' doesn't work because `Nested arrows not yet supported`
    // permission view = creator->manager->user
}

// facts
// employee:abc#user@user:1
// expense:1#creator@employee:abc
// employee:xyz#user@user:2
// employee:abc#manager@employee:xyz

// assertions
// - "expense:1#view@user:1"
// - "expense:1#view@user:2"`
I tried your work-around
permission manager_user = manager->user
but it also doesn't like that, it says relation/permission
manager
not found under definition
expense