chore: add standard roles to spice schema

author: mo khan <mo@mokhan.ca> 2025-09-10 13:43:43 -0600
committer: mo khan <mo@mokhan.ca> 2025-09-10 13:43:43 -0600
commit: 144a1b7cfae5b3ee44b8403c3178892881743916 (patch)
tree: a43ec4cb1e494c0e0b82238ede55bfe9bfd0b1a9
parent: add8183deec1bcff7ef9b8062d78e25ab799d015 (diff)
1 files changed, 14 insertions, 6 deletions
diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
index 0f3494f7..96e753bf 100644
--- a/etc/authzd/spice.schema
+++ b/etc/authzd/spice.schema
@@ -1,19 +1,27 @@
 definition user {}
 
-definition project {
+definition group {
+  relation parent: group
+
   relation guest: user
   relation planner: user
   relation reporter: user
   relation developer: user
   relation maintainer: user
   relation owner: user
-  relation admin: user
-
-  permission read = developer + maintainer
-  permission write = maintainer
 }
 
-definition group {
+definition project {
+  relation parent: group
+
+  relation guest: user
+  relation planner: user
+  relation reporter: user
+  relation developer: user
+  relation maintainer: user
+  relation owner: user
+
+  permission push_code = developer + maintainer + owner + parent->developer + parent->maintainer + parent->owner
 }
 
 definition resource {
author	mo khan <mo@mokhan.ca>	2025-09-10 13:43:43 -0600
committer	mo khan <mo@mokhan.ca>	2025-09-10 13:43:43 -0600
commit	144a1b7cfae5b3ee44b8403c3178892881743916 (patch)
tree	a43ec4cb1e494c0e0b82238ede55bfe9bfd0b1a9
parent	add8183deec1bcff7ef9b8062d78e25ab799d015 (diff)