From 30ffd692e3749e38f9ab05d04a15d0dcdf186610 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 14 Jul 2025 11:45:00 -0600
Subject: chore: rework examples to use project and gitlab roles

---
 Makefile | 12 +++++++++---
 etc/authzd/spice.schema | 10 +++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 35886d64..8eeadc86 100644
--- a/Makefile
+++ b/Makefile
@@ -83,8 +83,14 @@ production-entities: $(AUTHZD_BIN) check-gitlab-token
 run-spicedb:
  @spicedb serve --grpc-preshared-key "secret"
-run-spice-schema-load:
+run-spicedb-setup:
  @zed --endpoint ":50051" --token "secret" --insecure schema write etc/authzd/spice.schema
-
-run-spice-schema-read:
  @zed --endpoint ":50051" --token "secret" --insecure schema read
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 maintainer user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure relationship create project:1 developer user:tanuki
+
+run-spicedb-permission-check:
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:mokhax
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 read user:tanuki
+ @zed --endpoint ":50051" --token "secret" --insecure permission check project:1 write user:tanuki
diff --git a/etc/authzd/spice.schema b/etc/authzd/spice.schema
index 74d0a7d6..0d6a6482 100644
--- a/etc/authzd/spice.schema
+++ b/etc/authzd/spice.schema
@@ -1,7 +1,7 @@
 definition user {}
-definition post {
- relation reader: user
- relation writer: user
- permission read = reader + writer
- permission write = writer
+definition project {
+ relation developer: user
+ relation maintainer: user
+ permission read = developer + maintainer
+ permission write = maintainer
 }
--
cgit v1.2.3
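Review bot: The six added `zed` lines in `run-spicedb-setup` and `run-spicedb-permission-check` each repeat the literal preshared key `"secret"`, the endpoint and `--insecure`, so nothing in the file marks these targets as local-only, and the key now has to be kept in sync with `run-spicedb` in nine places. I would hoist them into one definition such as `ZED := zed --endpoint ":50051" --token "secret" --insecure`, preceded by a comment saying the key and the plaintext transport are for a throwaway local SpiceDB only, and write the recipes as `@$(ZED) permission check project:1 read user:mokhax`. Separately, `relationship create` appears to reject a relationship that already exists, so a second `make run-spicedb-setup` against the same running instance would stop at the first create; `@$(ZED) relationship touch project:1 maintainer user:mokhax` is the idempotent form. Because every line is `@`-silenced, the permission-check target prints four unlabelled results, so a comment stating the expected outcome (only `write` for `user:tanuki` denied) would make the example self-checking for a reader.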