From 144a1b7cfae5b3ee44b8403c3178892881743916 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 10 Sep 2025 13:43:43 -0600
Subject: chore: add standard roles to spice schema

---
 etc/authzd/spice.schema | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
index 0f3494f7..96e753bf 100644
--- a/etc/authzd/spice.schema
+++ b/etc/authzd/spice.schema
@@ -1,19 +1,27 @@
 definition user {}
 
-definition project {
+definition group {
+  relation parent: group
+
   relation guest: user
   relation planner: user
   relation reporter: user
   relation developer: user
   relation maintainer: user
   relation owner: user
-  relation admin: user
-
-  permission read = developer + maintainer
-  permission write = maintainer
 }
 
-definition group {
+definition project {
+  relation parent: group
+
+  relation guest: user
+  relation planner: user
+  relation reporter: user
+  relation developer: user
+  relation maintainer: user
+  relation owner: user
+
+  permission push_code = developer + maintainer + owner + parent->developer + parent->maintainer + parent->owner
 }
 
 definition resource {
-- 
cgit v1.2.3