LarsRan
12/05/2022, 1:41 PMdefinition user {}
definition folder {
relation reader: user
permission read = reader
}
definition document {
relation parent: folder
permission read = parent->read
}
lets say that I want users to have read
permissions whenever a document does not have a parent_folder. What would be a nice way to go about this? I guess this is another instance where the intersection arrow would come in handy.
A possible solution could be:
definition user {}
definition folder {
relation reader: user
permission read = reader
}
definition document {
relation parent: folder | folderless
permission read = parent->read
}
definition folderless {
relation reader: user:*
permission read = reader
}
but it feels a bit off, since there is no way to guarantee folder and folderless are mutually exclusive. Does anyone have some tips or ideas on how to solve this?