github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/indirectnestedgroups.yaml (about) 1 --- 2 schema: |+ 3 definition user {} 4 5 definition group { 6 relation direct_member: user 7 relation intern: user 8 relation allowed: user 9 permission intern_but_not_allowed = intern - allowed 10 permission non_intern_member = direct_member - intern_but_not_allowed 11 } 12 13 definition document { 14 relation viewer: user | group#non_intern_member 15 permission view = viewer 16 } 17 18 relationships: | 19 document:firstdoc#viewer@user:tom#... 20 document:firstdoc#viewer@group:engineering#non_intern_member 21 group:engineering#direct_member@user:sarah#... 22 group:engineering#direct_member@user:fred#... 23 group:engineering#direct_member@user:james#... 24 group:engineering#direct_member@user:tom#... 25 group:engineering#direct_member@user:jim#... 26 group:engineering#direct_member@user:tim#... 27 group:engineering#direct_member@user:frank#... 28 group:engineering#intern@user:james#... 29 group:engineering#intern@user:tom#... 30 group:engineering#intern@user:jim#... 31 group:engineering#intern@user:tim#... 32 group:engineering#intern@user:frank#... 33 group:engineering#allowed@user:tim#... 34 assertions: 35 assertTrue: 36 - "document:firstdoc#view@user:tom#..." 37 - "document:firstdoc#view@user:sarah#..." 38 - "document:firstdoc#view@user:fred#..." 39 - "document:firstdoc#view@user:tim#..." 40 assertFalse: 41 - "document:firstdoc#view@user:james#..." 42 - "document:firstdoc#view@user:jim#..." 43 - "document:firstdoc#view@user:frank#..."