From 176aae037400b43cb3971cd968afe59c73b3097a Mon Sep 17 00:00:00 2001
From: benj
Date: Sat, 31 Dec 2022 21:53:34 -0800
Subject: cleanup authz
---
 crates/iam/src/main.rs | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
(limited to 'crates/iam/src/main.rs')
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index c2ab5a3..ae44b46 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -58,7 +58,26 @@ async fn exec() -> Result> {
 std::env::set_var(ENV_SPICE_SERVER, "http://[::1]:50051");
 let secd = Secd::init(Some(
- "definition user {}\ndefinition organization {\n relation member: user \n }\n",
+ r#"
+definition user {}
+
+definition organization {
+ relation r_member: user
+ relation r_admin: user
+
+ permission member = r_admin + r_member
+ permission admin = r_admin
+}
+
+definition plugin {
+ relation r_creator: user | organization#admin
+ relation r_editor: user
+ relation r_viewer: user
+
+ permission creator = r_creator + r_creator->admin
+ permission editor = r_editor + r_creator + r_creator->admin
+ permission viewer = r_viewer + r_editor + r_creator + r_creator->admin
+}"#,
 ))
 .await
 .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
@@ -72,7 +91,7 @@ async fn exec() -> Result> {
 "organization".into(),
 Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
 ),
- relation: "member".into(),
+ relation: "r_member".into(),
 }])
 .await
 .unwrap();
@@ -87,7 +106,7 @@ async fn exec() -> Result> {
 "organization".into(),
 Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
 ),
- relation: "memb".into(),
+ relation: "member".into(),
 })
 .await
 {
--
cgit v1.2.3
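Review bot: The three `plugin` permissions each spell out the full union again (`r_creator + r_creator->admin` appears in `creator`, `editor` and `viewer`), so a later change to who counts as a creator must be repeated in three places, and a missed one silently leaves the levels granting different access. Building each level on the one above keeps the hierarchy in a single place: `permission editor = r_editor + creator` and `permission viewer = r_viewer + editor`. Separately, `r_creator` is typed `user | organization#admin`, which as far as I can tell already resolves organization admins through the subject set, so the `r_creator->admin` arrow looks redundant (and `definition user {}` has no `admin` to walk to); it is worth confirming which of the two forms is intended. The schema is passed to `Secd::init` inside `exec()`, whose body starts and ends outside this hunk.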
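Review bot: The relation name written in the second hunk (`"r_member"`) and the name checked in this one (`"member"`) are bare string literals, kept apart from the schema text that defines them, so a misspelling only shows up at runtime as a check that never passes or returns an error. Declaring them once, for example `const REL_ORG_MEMBER: &str = "r_member";` and `const PERM_ORG_MEMBER: &str = "member";`, and using those at both call sites would keep the write and the check in step with the schema. The check now evaluates the `member` permission rather than a stored relation, so a short comment such as `// "member" is the permission (r_admin + r_member), so admins pass this check too` would make that intent explicit. The enclosing call and the declarations such constants would need are outside the hunk.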