definition user {}

definition group {
  relation parent: group

  relation guest: user
  relation planner: user
  relation reporter: user
  relation developer: user
  relation maintainer: user
  relation owner: user
}

definition project {
  relation parent: group

  relation guest: user
  relation planner: user
  relation reporter: user
  relation developer: user
  relation maintainer: user
  relation owner: user

  permission push_code = developer + maintainer + owner + parent->developer + parent->maintainer + parent->owner
}

definition resource {
  relation reader: user | user:*
  relation writer: user | user:*

  permission read = reader + writer
  permission create = writer
  permission update = writer
  permission delete = writer
}