fierro9418
02/16/2023, 2:27 AMfierro9418
02/16/2023, 2:28 AMdefinition platform {
relation administrator: user
permission super_admin = administrator
}
definition organization {
// The platform is generally a singleton pointing to the same
// platform object, on which the superuser is in turn granted
// access.
relation platform: platform
permission admin = platform->super_admin
}
definition resource {
relation owner: user | organization
permission admin = owner + owner->admin
}
definition user {}
fierro9418
02/16/2023, 2:28 AMadministrator
relation on organization to make it clear that there can be org admins who are only admins of the org they belong to, whereas there can be platform wide super-admins who have all the same permissions the org admins dofierro9418
02/16/2023, 2:29 AMorganization
definition would become definition organization {
// The platform is generally a singleton pointing to the same
// platform object, on which the superuser is in turn granted
// access.
relation platform: platform
relation administrator: user
permission admin = administrator + platform->super_admin
}
fierro9418
02/16/2023, 2:30 AMvroldanbet
02/16/2023, 9:34 AMjzelinskie
02/16/2023, 6:37 PMfierro9418
02/17/2023, 3:44 AM