authormo khan <mo@mokhan.ca>2025-07-14 11:45:00 -0600
committermo khan <mo@mokhan.ca>2025-07-14 11:45:00 -0600
commit30ffd692e3749e38f9ab05d04a15d0dcdf186610 (patch)
tree71952f8f18a392f112f0977116e8632a9924c76d
parentfa92e7d1b3a61deb3d16db2f6546677040e395cd (diff)
chore: rework examples to use project and gitlab roles
-rw-r--r--Makefile12
-rw-r--r--etc/authzd/spice.schema10
2 files changed, 14 insertions, 8 deletions
diff --git a/Makefile b/Makefile
index 35886d64..8eeadc86 100644
--- a/Makefile
+++ b/Makefile
@@ -83,8 +83,14 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token
run-spicedb:
@spicedb serve --grpc-preshared-key "secret"
-run-spice-schema-load:
+run-spicedb-setup:
@zed --endpoint ":50051" --token "secret" --insecure schema write etc/authzd/spice.schema
-
-run-spice-schema-read:
@zed --endpoint ":50051" --token "secret" --insecure schema read
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 maintainer user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 developer user:tanuki
+
+run-spicedb-permission-check:
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:tanuki
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:tanuki
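Review bot: The new `run-spicedb-permission-check` target only prints the four results, so it still exits 0 if the schema regresses and `user:tanuki` gains `write` on `project:1`. Since this is the only place the developer/maintainer split is exercised, make the expected outcomes explicit: add `--error-on-no-permission` to the three checks expected to pass, and for `write user:tanuki` compare the printed result against `false` rather than relying on the exit code, so a connection error is not read as a denial. Separately, the added lines repeat `--token "secret" --insecure` six more times; a single overridable variable such as `ZED ?= zed --endpoint ":50051" --token "secret" --insecure` would keep the throwaway key and plaintext transport in one clearly dev-only place. Whether these targets are listed in `.PHONY` is not visible in this hunk.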
diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
index 74d0a7d6..0d6a6482 100644
--- a/etc/authzd/spice.schema
+++ b/etc/authzd/spice.schema
@@ -1,7 +1,7 @@
definition user {}
-definition post {
- relation reader: user
- relation writer: user
- permission read = reader + writer
- permission write = writer
+definition project {
+ relation developer: user
+ relation maintainer: user
+ permission read = developer + maintainer
+ permission write = maintainer
}
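Review bot: `permission write = maintainer` carries no comment saying that excluding `developer` is deliberate, and this line is what makes the `write user:tanuki` check in the Makefile come back denied. A short comment above the permissions, e.g. `// write is maintainer-only; developers get read access only`, would stop a later edit from widening it to `developer + maintainer` by analogy with `read`. If the roles are meant to mirror GitLab's, it is worth confirming that a read-only developer is the intended mapping.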