https://authzed.com logo
Title
l

LarsRan

12/05/2022, 1:41 PM
In the following example:
definition user {}

definition folder {
    relation reader: user
    permission read = reader
}

definition document {
    relation parent: folder

    permission read = parent->read
}
lets say that I want users to have
read
permissions whenever a document does not have a parent_folder. What would be a nice way to go about this? I guess this is another instance where the intersection arrow would come in handy. A possible solution could be:
definition user {}

definition folder {
    relation reader: user
    permission read = reader
}

definition document {
    relation parent: folder | folderless

    permission read = parent->read
}

definition folderless {
    relation reader: user:*
    permission read = reader
}
but it feels a bit off, since there is no way to guarantee folder and folderless are mutually exclusive. Does anyone have some tips or ideas on how to solve this?