generated from coulomb/repo-seed
54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
# Topaz v3 manifest for the flex-auth alignment spike.
|
|
#
|
|
# Mirrors flex-auth's canonical resource/subject/group/relation
|
|
# vocabulary, scoped to the subset the Markitect internal-document
|
|
# fixture exercises. Reference: docs/topaz-mapping-spike.md.
|
|
#
|
|
# Notes on Topaz syntax:
|
|
# - relations: union types only ( | ) and group-member shorthand ( # ).
|
|
# - permissions: also support the parent-walk operator ( -> ).
|
|
# yaml-language-server: $schema=https://www.topaz.sh/schema/manifest.json
|
|
---
|
|
model:
|
|
version: 3
|
|
|
|
types:
|
|
user:
|
|
relations:
|
|
manager: user
|
|
|
|
identity:
|
|
relations:
|
|
identifier: user
|
|
|
|
group:
|
|
relations:
|
|
member: user | group#member
|
|
|
|
tenant:
|
|
relations:
|
|
member: user | group#member
|
|
|
|
knowledge_base:
|
|
relations:
|
|
tenant: tenant
|
|
owner_team: group
|
|
reader: user | group#member
|
|
steward: user | group#member
|
|
permissions:
|
|
read: reader | steward
|
|
admin: steward
|
|
|
|
document:
|
|
relations:
|
|
parent: knowledge_base
|
|
owner_team: group
|
|
reader: user | group#member
|
|
steward: user | group#member
|
|
permissions:
|
|
read: reader | steward | parent->read
|
|
query: reader | steward | parent->read
|
|
search: reader | steward | parent->read
|
|
export: steward
|
|
admin: steward | parent->admin
|