Skip to content

Need help with modelling attribute based permission change #81

Answered by jon-whit
neeraj-ec asked this question in Q&A
Discussion options

You must be logged in to vote

Since OpenFGA uses relationships to determine authorization outcomes, every state of the authorization decision has to somehow be encoded in a Relationship Tuple that is stored in OpenFGA OR provided as a Contextual Tuple in the request (at request time).

To model this scenario you could model the state of the project status as a relationship and then use that as a conditional guard in the relation definition for project#can_delete. For example,

type user

type org
  relations
    define editor as self
    define member as self

type project
  relations
    define owner as self
    define org as self
    define project_draft as self
    define project_published as self
    define can_dele…

Replies: 1 comment 2 replies

Comment options

You must be logged in to vote
2 replies
@neeraj-ec
Comment options

@jon-whit
Comment options

Answer selected by neeraj-ec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
Modeling questions related to modeling
2 participants