Created
September 29, 2023 17:44
-
-
Save ghstahl/992992485035ffddde86ec8b50b9a63f to your computer and use it in GitHub Desktop.
OpenFGA github type model with flat permissions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| model | |
| schema 1.1 | |
| type feature | |
| relations | |
| define access: subscriber_member from associated_plan | |
| define associated_plan: [plan] | |
| define subscriber: subscriber from associated_plan | |
| type feature_repo | |
| relations | |
| define feature: [feature] | |
| type flat_permission | |
| relations | |
| define access: normal_member or admin_member | |
| define admin_member: admin_member from associated_org | |
| define normal_member: member from associated_org and associated_user | |
| define associated_org: [org] | |
| define associated_user: [user] | |
| type integrity | |
| relations | |
| define member: [user] and member_in_context | |
| define member_in_context: [user] | |
| type org | |
| relations | |
| define admin_member: member from admin_repo | |
| define admin_repo: [user_repo] | |
| define member: org_member or admin_member | |
| define org_member: [user] and member from user_repo and user_in_context | |
| define user_in_context: [user] | |
| define user_repo: [user_repo] | |
| type permission | |
| relations | |
| define access: access from associated_feature and member from associated_role | |
| define associated_feature: [feature] | |
| define associated_role: [role] | |
| define associated_role_group: associated_role_group from associated_role | |
| define subscriber: subscriber from associated_feature | |
| type permission_repo | |
| relations | |
| define permission: [permission] | |
| type plan | |
| relations | |
| define associated_plan_group: [plan_group] | |
| define subscriber: subscriber from associated_plan_group | |
| define subscriber_member: member from associated_plan_group | |
| type plan_group | |
| relations | |
| define member: member from subscriber | |
| define plan_access: plan from plan_provider | |
| define plan_provider: [plan_provider] | |
| define subscriber: [org] | |
| type plan_provider | |
| relations | |
| define plan: [plan] and plan from plan_repo | |
| define plan_repo: [plan_repo] | |
| type plan_repo | |
| relations | |
| define plan: [plan] | |
| type role | |
| relations | |
| define associated_role_group: [role_group] | |
| define member: org_member_or_admin from associated_role_group | |
| type role_group | |
| relations | |
| define member: [user,org#member] and member from owner | |
| define org_member_or_admin: member or admin_member from owner | |
| define owner: [org] | |
| type role_repo | |
| relations | |
| define role: [role] | |
| type user | |
| type user_repo | |
| relations | |
| define integrity: [integrity] | |
| define member: [user] and member from integrity |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment