Discord permissions system example #145

Closed
wants to merge 10 commits into from

Contributor

@oflatt oflatt commented Jun 4, 2024

This PR introduces a new example to the cedar repository, modeling some of the Discord permissions model.
See the README for more.

@oflatt oflatt marked this pull request as draft June 4, 2024 21:44
@shaobo-he-aws
Contributor

A general suggestion: Use CLI like other examples (document cloud and github).

@oflatt
Contributor Author

oflatt commented Jun 4, 2024

Thanks for your suggestions!
I'll add CLI and also CI

Contributor

@mwhicks1 mwhicks1 left a comment

It would be great to refine these, and dig into the details to get all the permissions working.

Comment on lines 11 to 19
Permission::"SendMessage" Permission::"KickMember"
▲ ▲ ▲
│ └───────────────────┐ │
│ │ │
Role::"everyone" Role::"admin"
▲ ▲
│ │
User::"yihong" User::"oflatt"
Contributor

IIUC Discord correctly, a role is assigned permissions for a particular channel. So I don't see how it makes sense for the hierarchy to just relate Role to Permission.

I would think you need to set it up so that you have a Channel resource, and that when the operator assigns permissions to a channel for a role, you basically create an ad hoc policy that expresses those permissions.

You also seem to be missing the concepts of Category for channels (which can be "synced" or not), and the fact that permissions can apply to all channels (server wide). I would think you need a Server object which channels are in.
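
The structure suggested in this review comment, sketched as Cedar policies. This is an added example, not code from the PR or from the Cedar project; the entity types `Server`, `Category` and `Channel`, all entity ids, and the choice to model a synced channel as a child of its category and an unsynced one as a direct child of the server are assumptions.

```cedar
// Hypothetical entity hierarchy (constructed for this example):
//   Server::"cedar-dev"
//     ├── Category::"dev"            Category in Server
//     │     └── Channel::"general"   synced: Channel in Category
//     └── Channel::"help"            unsynced: Channel in Server only
//   User::"yihong" in Role::"everyone"
//   User::"oflatt" in Role::"admin"

// Server-wide grant: every channel is a descendant of the server,
// so a single policy covers all of them.
permit (
  principal in Role::"admin",
  action in [Action::"SendMessage", Action::"KickMember"],
  resource in Server::"cedar-dev"
);

// Category-level grant: reaches only channels that are still synced,
// that is, still children of the category in the entity store.
permit (
  principal in Role::"everyone",
  action == Action::"SendMessage",
  resource in Category::"dev"
);

// Ad hoc policy created when the operator assigns a permission to one
// role on one channel. Channel::"help" is not under Category::"dev",
// so without this policy the request is denied by default.
permit (
  principal in Role::"everyone",
  action == Action::"SendMessage",
  resource == Channel::"help"
);
```

With no matching `permit`, Cedar denies the request, so `User::"yihong"` cannot `KickMember` anywhere and cannot send in any unsynced channel other than `Channel::"help"`.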

Contributor Author

Great ideas!
I suggest that we merge this PR without channels (I'll re-name Channel to Server for now)
I'll submit a follow-up PR that introduces channels, and another for categories.

Signed-off-by: oflatt <oflatt@gmail.com>

convert json to natural
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

inline schema
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

refer to cedar 4.0 (oops)
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

discord example first try
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

move to examples folder
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

working on using existing infra
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

more progress on entities.json
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

working on simple examples
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

remove old rust code
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

some comment fixes
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

simplify slightly
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

make manage role
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

a couple examples of managing roles
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

better readme
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

replace channels with a single server for now
Signed-off-by: Oliver Flatt <oflatt@gmail.com>

add note in readme
Signed-off-by: Oliver Flatt <oflatt@gmail.com>
Signed-off-by: oflatt <oflatt@gmail.com>
@oflatt oflatt marked this pull request as ready for review June 6, 2024 18:48
@oflatt oflatt requested review from emina and mwhicks1 June 6, 2024 18:49
@oflatt oflatt changed the title from "[WIP] Discord cedar example" to "Simplified discord cedar example" Jun 6, 2024
@oflatt oflatt marked this pull request as draft June 6, 2024 21:07
@oflatt
Contributor Author

oflatt commented Jun 6, 2024

Marking as a draft for now-
We'd like to flesh out the example more and see if it still works with more of the complexity of the discord permissions system.

@oflatt oflatt changed the title from "Simplified discord cedar example" to "Discord permissions system example" Jun 6, 2024
when
{
// the user's channel matches the resource
(principal.channel == resource) &&
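Review bot: the `principal.channel == resource` test in this `when` clause only matches when the user carries a single `channel` attribute equal to the resource, so a user who belongs to more than one channel cannot be covered by it. Expressing membership through the entity hierarchy (`principal in resource`) or through a set-valued attribute checked with `.contains(resource)` would avoid that. The attribute name and the comment above it should also follow the rename of Channel to Server proposed earlier in this thread.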