[spicedb] Small schema adjustments

Author: geropl

components/server/src/authorization/definitions.ts

@@ -13,9 +13,9 @@ export type Permission = UserPermission | InstallationPermission | OrganizationP
 
 export type UserResourceType = "user";
 
-export type UserRelation = "self" | "container";
+export type UserRelation = "self" | "organization" | "installation";
 
-export type UserPermission = "read_info" | "write_info" | "suspend";
+export type UserPermission = "read_info" | "write_info";
 
 export type InstallationResourceType = "installation";
 

components/spicedb/schema/schema.yaml

@@ -5,12 +5,14 @@
 schema: |-
   definition user {
     relation self: user
-    relation container: organization | installation
+
+    // Only ONE of the following relations is ever present for a given user (XOR)
+    relation organization: organization
+    relation installation: installation
 
     // permissions
-    permission read_info = self + container->member + container->owner + container->admin
-    permission write_info = self + container->owner + container->admin
-    permission suspend = self + container->owner + container->admin
+    permission read_info = self + organization->member + organization->owner + installation->admin
+    permission write_info = self
   }
 
   // There's only one global installation
@@ -80,7 +82,7 @@ schema: |-
 relationships: |-
   // we have one installation
   installation:installation_0#member@user:user_0
-  user:user_0#container@installation:installation_0
+  user:user_0#installation@installation:installation_0
 
   installation:installation_0#admin@user:user_admin