https://authzed.com logo
Join Discord
Powered by
In the following example: ```definition user {} d...
# spicedb
l
In the following example:
Copy code
definition user {}

definition folder {
    relation reader: user
    permission read = reader
}

definition document {
    relation parent: folder

    permission read = parent->read
}
lets say that I want users to have 
read
permissions whenever a document does not have a parent_folder. What would be a nice way to go about this? I guess this is another instance where the intersection arrow would come in handy. A possible solution could be:
Copy code
definition user {}

definition folder {
    relation reader: user
    permission read = reader
}

definition document {
    relation parent: folder | folderless

    permission read = parent->read
}

definition folderless {
    relation reader: user:*
    permission read = reader
}
but it feels a bit off, since there is no way to guarantee folder and folderless are mutually exclusive. Does anyone have some tips or ideas on how to solve this?
PreviousNext
Powered by