vroldanbet
11/14/2022, 9:12 AMReadRelationships
+ DeleteRelationships
). The latter comes with preconditions https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.DeleteRelationshipsRequest so I wonder if you build a statement that fails if a new element appears in the graph. If that was the case, you'd need to retry the operation again (similarly to how distributed databases like CockroachDB would do in case of overlapping transactions).Steve Lillis
11/14/2022, 9:14 AMvroldanbet
11/14/2022, 9:28 AMUser:*
. Then any permission definitions in your folder should be defined in terms of their own relations, but then intersect those with the top level "on/off" flag. Let me see if I illustrate with an example
definition user{}
definition file{
relation parent: folder
relation viewer : user
permission view: viewer & parent->exists
}
definition root{
relation exists: user:*
}
definition folder {
relation children: resource | folder
relation parent: folder | root
permission exists: parent->exists
}
Steve Lillis
11/14/2022, 9:30 AMvroldanbet
11/14/2022, 9:31 AMSteve Lillis
11/14/2022, 9:32 AMvroldanbet
11/14/2022, 9:36 AMSteve Lillis
11/14/2022, 9:38 AMJoey
11/14/2022, 3:38 PM