https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> I have the following permission mod...
# ory-copilot
m
@chilly-king-10285 I have the following permission model:
Copy code
class Company implements Namespace {
  related: {
    admins: User[]
  }

  permits = {
    owner: (ctx: Context): boolean =>
      this.related.admins.includes(ctx.subject)
  }
}
class LearningPlan implements Namespace {
  related: {
    owners: User[]
    companies: Company[]
  }

  permits = {
    owner: (ctx: Context): boolean =>
      this.related.companies.traverse((parent) => parent.permits.owner(ctx)) ||
      this.related.owners.includes(ctx.subject)
  }
}
With these relations: • Subject 
companies/simpleclub
is 
companies
of Object 
LearningPlan:learning_plans/xyz
c
A message from kapa.ai
Your permission model defines two classes: 
Company
and 
LearningPlan
. In the 
Company
class, you have defined a relation 
admins
which is an array of 
User
objects. The 
permits
function 
owner
checks if the 
subject
is included in the 
admins
array. In the 
LearningPlan
class, you have defined two relations: 
owners
and 
companies
. The 
owners
relation is an array of 
User
objects, and the 
companies
relation is an array of 
Company
objects. The 
permits
function 
owner
checks if the 
subject
is an owner of any of the related companies or if the 
subject
is included in the 
owners
array. The relation you mentioned, 
Subject companies/simpleclub is companies of Object LearningPlan:learning_plans/xyz
, implies that the 
Company
with the identifier 
simpleclub
is related to the 
LearningPlan
with the identifier 
xyz
through the 
companies
relation. This means that if a 
User
is an admin of the 
Company
simpleclub
, they will be permitted the 
owner
permission of the 
LearningPlan
xyz
according to your model. For more information on how to define permissions in Ory, you can refer to the [Ory documentation](https://www.ory.sh/docs/keto/modeling/create-permission-model#define-permissions-in-the-opl).
Open in Slack
PreviousNext
Powered by