Merge pull request #328 from aserto-dev/manager-relation

Flip the "manager" relation in citadel and acmecorp

assets/acmecorp/manifest.yaml

@@ -17,15 +17,21 @@ types:
       ### display_name: user#manager ###
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   ### display_name: Identity ###
   identity:
     relations:
       ### display_name: identity#identifier ###
       identifier: user
 
+
   ### display_name: Group ###
   group:
     relations:
       ### display_name: group#member ###
-      member: user
+      member: user | group#member
 

assets/citadel/citadel_relations.json

@@ -2,31 +2,31 @@
   "relations": [
     {
       "object_type": "user",
-      "object_id": "beth@the-smiths.com",
+      "object_id": "jerry@the-smiths.com",
       "relation": "manager",
       "subject_type": "user",
-      "subject_id": "jerry@the-smiths.com"
+      "subject_id": "beth@the-smiths.com"
     },
     {
       "object_type": "user",
-      "object_id": "rick@the-citadel.com",
+      "object_id": "beth@the-smiths.com",
       "relation": "manager",
       "subject_type": "user",
-      "subject_id": "beth@the-smiths.com"
+      "subject_id": "rick@the-citadel.com"
     },
     {
       "object_type": "user",
-      "object_id": "rick@the-citadel.com",
+      "object_id": "morty@the-citadel.com",
       "relation": "manager",
       "subject_type": "user",
-      "subject_id": "morty@the-citadel.com"
+      "subject_id": "rick@the-citadel.com"
     },
     {
       "object_type": "user",
-      "object_id": "rick@the-citadel.com",
+      "object_id": "summer@the-smiths.com",
       "relation": "manager",
       "subject_type": "user",
-      "subject_id": "summer@the-smiths.com"
+      "subject_id": "rick@the-citadel.com"
     },
     {
       "object_type": "identity",

assets/citadel/ds-load/citadel.json

@@ -187,31 +187,31 @@
     "relations": [
       {
         "object_type": "user",
-        "object_id": "beth@the-smiths.com",
+        "object_id": "jerry@the-smiths.com",
         "relation": "manager",
         "subject_type": "user",
-        "subject_id": "jerry@the-smiths.com"
+        "subject_id": "beth@the-smiths.com"
       },
       {
         "object_type": "user",
-        "object_id": "rick@the-citadel.com",
+        "object_id": "beth@the-smiths.com",
         "relation": "manager",
         "subject_type": "user",
-        "subject_id": "beth@the-smiths.com"
+        "subject_id": "rick@the-citadel.com"
       },
       {
         "object_type": "user",
-        "object_id": "rick@the-citadel.com",
+        "object_id": "morty@the-citadel.com",
         "relation": "manager",
         "subject_type": "user",
-        "subject_id": "morty@the-citadel.com"
+        "subject_id": "rick@the-citadel.com"
       },
       {
         "object_type": "user",
-        "object_id": "rick@the-citadel.com",
+        "object_id": "summer@the-smiths.com",
         "relation": "manager",
         "subject_type": "user",
-        "subject_id": "summer@the-smiths.com"
+        "subject_id": "rick@the-citadel.com"
       },
       {
         "object_type": "identity",

assets/citadel/manifest.yaml

@@ -17,12 +17,18 @@ types:
       ### display_name: user#manager ###
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   ### display_name: Identity ###
   identity:
     relations:
       ### display_name: identity#identifier ###
       identifier: user
 
+
   ### display_name: Group ###
   group:
     relations:

assets/gdrive/manifest.yaml

@@ -17,18 +17,25 @@ types:
       ### display_name: user#manager ###
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   ### display_name: Identity ###
   identity:
     relations:
       ### display_name: identity#identifier ###
       identifier: user
 
+
   ### display_name: Group ###
   group:
     relations:
       ### display_name: group#member ###
       member: user | group#member
 
+
   # folder represents a collection of documents and/or other folders
   folder:
     relations:
@@ -43,6 +50,7 @@ types:
       can_write: editor | can_share | parent->can_write
       can_read:  viewer | can_write | parent->can_read
 
+
   # doc represents a document within a folder
   doc:
     relations:

assets/github/manifest.yaml

@@ -15,19 +15,27 @@ types:
     relations:
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   # group represents a collection of users and/or (nested) groups
   group:
     relations:
       member: user | group#member
 
+
   # identity represents a collection of identities for users
   identity:
     relations:
       identifier: user
 
+
   team:
     relations:
-      member: user | team#member
+      member: user | team#member | group#member
+
 
   organization:
     relations:
@@ -44,6 +52,7 @@ types:
       can_write:      repo_writer | can_administer
       can_read:       repo_reader | can_write
 
+
   repo:
     relations:
       owner: organization

assets/simple-rbac/manifest.yaml

@@ -12,16 +12,23 @@ types:
     relations:
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   # group represents a collection of users and/or (nested) groups
   group:
     relations:
       member: user | group#member
 
+
   # identity represents a collection of identities for users
   identity:
     relations:
       identifier: user
 
+
   # resource creator represents a user type that can create new resources
   resource-creator:
     relations:
@@ -30,6 +37,7 @@ types:
     permissions:
       can_create_resource: member
 
+
   # resource represents a protected resource
   resource:
     relations:

assets/slack/manifest.yaml

@@ -16,18 +16,25 @@ types:
       ### display_name: user#manager ###
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   ### display_name: Identity ###
   identity:
     relations:
       ### display_name: identity#identifier ###
       identifier: user
 
+
   ### display_name: Group ###
   group:
     relations:
       ### display_name: group#member ###
       member: user | group#member
 
+
   channel:
     relations:
       parent_workspace: workspace
@@ -41,6 +48,7 @@ types:
       can_comment: commenter | can_write
       can_read:    can_comment
 
+
   workspace:
     relations:
       channels_admin: user

assets/todo/manifest.yaml

@@ -12,16 +12,23 @@ types:
     relations:
       manager: user
 
+    permissions:
+      ### display_name: user#in_management_chain ###
+      in_management_chain: manager | manager->in_management_chain
+
+
   # group represents a collection of users and/or (nested) groups
   group:
     relations:
       member: user | group#member
 
+
   # identity represents a collection of identities for users
   identity:
     relations:
       identifier: user
 
+
   # resource creator represents a user type that can create new resources
   resource-creator:
     relations:
@@ -30,6 +37,7 @@ types:
     permissions:
       can_create_resource: member
 
+
   # resource represents a protected resource
   resource:
     relations: