>

Apply for $700 in starter credits on AuthZed Cloud

[Apply now]

GitHub-style repositories

Models repositories, teams, and organizations with reader / triager / writer / maintainer / admin roles, the way GitHub does it.

Real-worldView on GitHub

GitHub-style repositories

Models repositories, teams, and organizations with reader / triager / writer / maintainer / admin roles, the way GitHub does it.

definition user {}

definition team {
    relation parent: organization | team
    relation maintainer: user
    relation direct_member: user

    permission member = maintainer + direct_member
    permission change_team_name = maintainer + parent->change_team_name
}

definition organization {
    relation own: user
    relation member: user
    relation billing_manager: user
    relation team_maintainer: user

    // Repository actions
    permission create_repository = owner + member

    // Organization settings
    permission manage_billing = owner + billing_manager
    permission user_seat = owner + member + team_maintainer
    permission owner = own

    // Team permissions
    permission change_team_name = team_maintainer + owner
}

definition repository {
    relation organization: organization

    // Repository roles
    relation reader: user | team#member
    relation triager: user | team#member
    relation writer: user | team#member
    relation maintainer: user | team#member
    relation admin: user | team#member

    // Git Actions
    permission clone = reader + triager + push
    permission push = writer + maintainer + admin + organization->owner

    // Web actions
    permission read = reader + triager + writer + maintainer + admin + organization->owner
    permission delete = admin + organization->owner

    // Issues
    permission create_issue = read
    permission close_issue = triager + writer + maintainer + admin + organization->owner

    // Pull requests
    permission create_pull_request = read
    permission merge_pull_request = maintainer + organization->owner
    permission close_pull_request = triager + writer + maintainer + admin + organization->owner

    // Coarse grained
    permission manage_setting = maintainer + admin + organization->owner
    permission manage_sensitive_setting = admin + organization->owner
}

Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.