| -rw-r--r-- | Makefile | 12 | ||||
| -rw-r--r-- | etc/authzd/spice.schema | 10 |
2 files changed, 14 insertions, 8 deletions
@@ -83,8 +83,14 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token
 run-spicedb:
 @spicedb serve --grpc-preshared-key "secret"
-run-spice-schema-load:
+run-spicedb-setup:
 @zed --endpoint ":50051" --token "secret" --insecure schema write etc/authzd/spice.schema
-
-run-spice-schema-read:
 @zed --endpoint ":50051" --token "secret" --insecure schema read
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 maintainer user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 developer user:tanuki
+
+run-spicedb-permission-check:
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:tanuki
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:tanuki
diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
index 74d0a7d6..0d6a6482 100644
--- a/etc/authzd/spice.schema
+++ b/etc/authzd/spice.schema
@@ -1,7 +1,7 @@
 definition user {}
-definition post {
- relation reader: user
- relation writer: user
- permission read = reader + writer
- permission write = writer
+definition project {
+ relation developer: user
+ relation maintainer: user
+ permission read = developer + maintainer
+ permission write = maintainer
 }
|
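Review bot: `run-spicedb-permission-check` only prints the four check results, so nothing fails if the schema starts granting `write` to a `developer`; the deny case `project:1 write user:tanuki` is the one that needs an assertion. If `zed permission check` prints a bare `true`/`false` and exits 0 either way (worth confirming), compare the output, e.g. `@test "$$(zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:tanuki)" = "false"`. Separately, `--token "secret" --insecure` is now repeated on every `zed` line in this hunk; defining it once, e.g. `ZED := zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure` with `?=` defaults and a comment that the key and the plaintext transport are for a local instance only, keeps the dev credential in one overridable place. Whether the new target names are listed under `.PHONY` is not visible in the hunk.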
