Discord permissions system example #145
A general suggestion: Use CLI like other examples (document cloud and github).
Thanks for your suggestions!
It would be great to refine these, and dig into the details to get all the permissions working.
```
Permission::"SendMessage"        Permission::"KickMember"
      ▲          ▲                          ▲
      │          └───────────────────┐      │
      │                              │      │
Role::"everyone"                   Role::"admin"
      ▲                                 ▲
      │                                 │
User::"yihong"                     User::"oflatt"
```
IIUC Discord correctly, a role is assigned permissions for a particular channel. So I don't see how it makes sense for the hierarchy to just relate `Role` to `Permission`.
I would think you need to set it up so that you have a `Channel` resource, and that when the operator assigns permissions to a channel for a role, you basically create an ad hoc policy that expresses those permissions.
You also seem to be missing the concepts of `Category` for channels (which can be "synced" or not), and the fact that permissions can apply to all channels (server wide). I would think you need a `Server` object which channels are in.
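A Python model of the two designs discussed in the comment above, added here as an illustration and not taken from the PR: the diagram's Role-to-Permission hierarchy evaluated with a reflexive, transitive membership check (the semantics of Cedar's `in`), next to per-channel role grants as the reviewer proposes. The `Channel::` names, the grant table and the function names are assumptions constructed for the example.

```python
# Edges from the diagram in this thread: child -> direct parents.
PARENTS = {
    'User::"yihong"': {'Role::"everyone"'},
    'User::"oflatt"': {'Role::"admin"'},
    'Role::"everyone"': {'Permission::"SendMessage"'},
    'Role::"admin"': {'Permission::"SendMessage"', 'Permission::"KickMember"'},
}


def ancestors(entity):
    """Return the entity itself plus everything reachable via parent edges."""
    seen, stack = set(), [entity]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(parents for parents in PARENTS.get(node, ()))
    return seen


def allowed_global(user, permission):
    """Diagram model: allow iff the Permission entity is an ancestor of the user.

    No resource is consulted, so the answer is the same for every channel.
    """
    return f'Permission::"{permission}"' in ancestors(user)


# Reviewer's alternative: a permission is granted to a role *for a channel*.
# Constructed sample data; channel names are hypothetical.
CHANNEL_GRANTS = {
    ('Role::"everyone"', 'Channel::"general"'): {"SendMessage"},
    ('Role::"admin"', 'Channel::"general"'): {"SendMessage"},
    ('Role::"admin"', 'Channel::"announcements"'): {"SendMessage"},
}


def allowed_in_channel(user, permission, channel):
    """Default deny: allow only if one of the user's roles holds the grant
    on this specific channel."""
    roles = {e for e in ancestors(user) if e.startswith("Role::")}
    return any(
        permission in CHANNEL_GRANTS.get((role, channel), set()) for role in roles
    )
```

With the diagram model `User::"yihong"` may send messages everywhere; with per-channel grants the same user is denied in the hypothetical `Channel::"announcements"`, which is the distinction the comment raises.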
Great ideas!
I suggest that we merge this PR without channels (I'll re-name Channel to Server for now)
I'll submit a follow-up PR that introduces channels, and another for categories.
b61c244 to e3b7602
Signed-off-by: oflatt <oflatt@gmail.com>
convert json to natural
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
inline schema
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
refer to cedar 4.0 (oops)
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
discord example first try
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
move to examples folder
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
working on using existing infra
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
more progress on entities.json
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
working on simple examples
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
remove old rust code
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
some comment fixes
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
simplify slightly
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
make manage role
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
a couple examples of managing roles
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
better readme
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
replace channels with a single server for now
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
add note in readme
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
e3b7602 to c01ec20
Signed-off-by: oflatt <oflatt@gmail.com>
edfa851 to 3bda1a5
Marking as a draft for now-
```
when
{
  // the user's channel matches the resource
  (principal.channel == resource) &&
```
This PR introduces a new example to the cedar repository, modeling some of the Discord permissions model.
See the README for more.