fierro
02/16/2023, 2:27 AM
definition platform {
    relation administrator: user
    permission super_admin = administrator
}

definition organization {
    // The platform is generally a singleton pointing to the same
    // platform object, on which the superuser is in turn granted
    // access.
    relation platform: platform
    permission admin = platform->super_admin
}

definition resource {
    relation owner: user | organization
    permission admin = owner + owner->admin
}

definition user {}
administrator relation on organization to make it clear that there can be org admins who are only admins of the org they belong to, whereas there can be platform wide super-admins who have all the same permissions the org admins do
organization definition would become
definition organization {
    // The platform is generally a singleton pointing to the same
    // platform object, on which the superuser is in turn granted
    // access.
    relation platform: platform
    relation administrator: user
    permission admin = administrator + platform->super_admin
}
vroldanbet
02/16/2023, 9:34 AM
jzelinskie
02/16/2023, 6:37 PM
fierro
02/17/2023, 3:44 AM