Title
l
LarsRan
12/05/2022, 2:27 PMUsing just intersections and exclusions I can get to the following
definition user {}
definition folder {
relation all: user:*
relation reader: user
permission not_read = all - reader
}
definition document {
relation all: user:*
relation parent: folder
permission read = all - parent->not_reader
}d
dsieczko
12/05/2022, 2:44 PMHey - yea - maybe like this?
definition user {}
definition folder {
relation viewer: user | user:*
permission view: viewer
}
definition document {
relation parent: folder
relation owner: user
permission read = owner | folder->view
}l
LarsRan
12/05/2022, 2:51 PMYeah, that is a possibility too. But this would mean removing all owners once it is added to a folder
d
dsieczko
12/05/2022, 2:57 PMI don't think you would have to remove an owner unless I'm missing something? If a document was added to folder now anyone will be able to read and you can keep the owner (who will also be able to view)
Hi @LarsRan ! Were you able to get what you needed using preconditions?
l
LarsRan
12/07/2022, 11:26 AMYes and no, preconditions indeed solved the problem of mutual exclusivity but did not fit nicely right now in our current design. Now I used the zed definition at the top of this thread and that seems to work
Regarding the zedfragment you sent. I think I might not have made the usecase entirely clear. I want all users to have view rights on a document when it is not in a folder, when it is in a folder I want only the users with folder view rights to have document view rights
Thanks for helping me out anyway!
d
dsieczko
12/07/2022, 2:45 PMAh - ok! Thanks for clarifying.