authormo khan <mo@mokhan.ca>2025-07-23 14:43:39 -0600
committermo khan <mo@mokhan.ca>2025-07-23 14:43:39 -0600
commit464daeefc39bd6877948177c833a8425ff367242 (patch)
tree8b174eff20a43aaf23c5423f8c70d1fdcb5bd8f8
parent8ee0c453f6a6e719e69299f1949f48e289b33235 (diff)
chore: allow everyone to read all sparkles
-rw-r--r--etc/authzd/relationships.yaml16
-rw-r--r--etc/authzd/schema.zed3
2 files changed, 17 insertions, 2 deletions
diff --git a/etc/authzd/relationships.yaml b/etc/authzd/relationships.yaml
index b8ebe50..7f93052 100644
--- a/etc/authzd/relationships.yaml
+++ b/etc/authzd/relationships.yaml
@@ -3,10 +3,24 @@ relationships: >-
sparkle:1#author@user:mokhax
sparkle:1#sparklee@user:tanuki
+
+ sparkle:1#reader@user:*
+
+ sparkle:2#author@user:mona
+
+ sparkle:2#sparklee@user:tanuki
+
+ sparkle:2#reader@user:*
assertions:
assertTrue:
- - "sparkle:1#write@user:mokhax"
- "sparkle:1#read@user:mokhax"
- "sparkle:1#read@user:tanuki"
+ - "sparkle:1#write@user:mokhax"
+ - "sparkle:2#read@user:mokhax"
+ - "sparkle:2#read@user:mona"
+ - "sparkle:2#read@user:tanuki"
+ - "sparkle:2#write@user:mona"
assertFalse:
- "sparkle:1#write@user:tanuki"
+ - "sparkle:2#write@user:tanuki"
+ - "sparkle:2#write@user:mokha"
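Review bot: The last added `assertFalse` entry names `user:mokha`, which looks like a typo for `mokhax`, the author of sparkle:1. As written it passes trivially, because a subject with no relationships at all is denied write. It therefore never checks that authorship of one sparkle does not grant write on another; I would change it to `- "sparkle:2#write@user:mokhax"`. Every `read` assertion is now satisfied for any user through `reader@user:*`, so the file no longer tests the non-public case. A third sparkle with no `reader` tuple, plus an `assertFalse` read check for a user unrelated to it, would confirm that read is denied when the wildcard tuple is absent.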
diff --git a/etc/authzd/schema.zed b/etc/authzd/schema.zed
index b0e8e74..9af95cc 100644
--- a/etc/authzd/schema.zed
+++ b/etc/authzd/schema.zed
@@ -3,7 +3,8 @@ definition user {}
definition sparkle {
relation author: user
relation sparklee: user
+ relation reader: user:*
- permission read = sparklee + author
+ permission read = sparklee + author + reader
permission write = author
}
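Review bot: `relation reader: user:*` accepts only the wildcard subject, so public read is granted per sparkle by writing a `reader@user:*` tuple rather than by the schema itself. A sparkle created without that tuple stays readable only by its author and sparklee, which is narrower than the commit title's "all sparkles". That default is fail-closed, but it should be documented on the relation, e.g. `// reader: write sparkle:<id>#reader@user:* to make this sparkle readable by every user; omit the tuple to keep it private`. If individual readers are ever needed, the type would have to be `relation reader: user | user:*`. `write` correctly stays `author` only, and a short comment saying the wildcard must never be added to it would guard against a later copy-paste of the `read` expression.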