github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/teamwitharrow.yaml

github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/teamwitharrow.yaml (about)

     1  ---
     2  schema: >-
     3    definition test/user {}
     4  
     5  
     6    definition test/team {
     7        relation parent: test/organization | test/team
     8  
     9        relation maintainer: test/user
    10        relation direct_member: test/user
    11  
    12        permission member = maintainer + direct_member
    13  
    14        permission change_name = maintainer + parent->change_team_name + parent->change_name
    15    }
    16  
    17  
    18    definition test/organization {
    19        relation owner: test/user
    20        relation member: test/user
    21        relation billing_manager: test/user
    22        relation team_maintainer: test/user
    23  
    24        // Repository actions
    25        permission create_repository = owner + member
    26  
    27        // Organization settings
    28        permission manage_billing = owner + billing_manager
    29        permission user_seat = owner + member + team_maintainer
    30  
    31        // Team permissions
    32        permission change_team_name = team_maintainer + owner
    33    }
    34  
    35  
    36    definition test/repository {
    37        relation organization: test/organization
    38  
    39        // Repository roles
    40        relation reader: test/user | test/team#member
    41        relation triager: test/user | test/team#member
    42        relation writer: test/user | test/team#member
    43        relation maintainer: test/user | test/team#member
    44        relation admin: test/user | test/team#member
    45  
    46        // Git Actions
    47      	permission clone = reader + triager + push
    48        permission push = writer + maintainer + admin + organization->owner
    49  
    50        // Web actions
    51        permission read = reader + triager + writer + maintainer + admin + organization->owner
    52        permission delete_repository = admin + organization->owner
    53  
    54        // Issues
    55        permission create_issue = read
    56        permission close_issue = triager + writer + maintainer + admin + organization->owner
    57  
    58        // Pull requests
    59        permission create_pull_request = read
    60        permission merge_pull_request = maintainer + organization->owner
    61        permission close_pull_request = triager + writer + maintainer + admin + organization->owner
    62  
    63        // Coarse grained
    64        permission manage_setting = maintainer + admin + organization->owner
    65        permission manage_sensitive_setting = admin + organization->owner
    66    }
    67  relationships: |
    68    test/repository:authzed_go#organization@test/organization:authzed#...
    69    test/repository:authzed_go#reader@test/user:jake#...
    70    test/repository:authzed_go#admin@test/user:jimmy#...
    71    test/repository:authzed_go#triager@test/user:jessica#...
    72    test/repository:authzed_go#maintainer@test/team:support_engineers#member
    73    test/organization:authzed#owner@test/user:jake#...
    74    test/organization:authzed#owner@test/user:jimmy#...
    75    test/team:support_engineers#maintainer@test/user:ivan#...
    76    test/team:support_engineers#direct_member@test/user:ian#...
    77    test/team:support_engineers#parent@test/organization:authzed#...
    78    test/team:emea_support_engineers#direct_member@test/user:iona#...
    79    test/team:emea_support_engineers#parent@test/team:support_engineers#...
    80  assertions:
    81    assertTrue:
    82      - "test/repository:authzed_go#read@test/user:jake#..."
    83      - "test/repository:authzed_go#read@test/user:jimmy#..."
    84    assertFalse:
    85      - "test/repository:authzed_go#admin@test/user:jake#..."