- Home
- Learn
- SpiceDB Schema Examples
- GitHub-style repositories
GitHub-style repositories
Models repositories, teams, and organizations with reader / triager / writer / maintainer / admin roles, the way GitHub does it.
Real-worldView on GitHub
GitHub-style repositories
Models repositories, teams, and organizations with reader / triager / writer / maintainer / admin roles, the way GitHub does it.
definition user {}
definition team {
relation parent: organization | team
relation maintainer: user
relation direct_member: user
permission member = maintainer + direct_member
permission change_team_name = maintainer + parent->change_team_name
}
definition organization {
relation own: user
relation member: user
relation billing_manager: user
relation team_maintainer: user
// Repository actions
permission create_repository = owner + member
// Organization settings
permission manage_billing = owner + billing_manager
permission user_seat = owner + member + team_maintainer
permission owner = own
// Team permissions
permission change_team_name = team_maintainer + owner
}
definition repository {
relation organization: organization
// Repository roles
relation reader: user | team#member
relation triager: user | team#member
relation writer: user | team#member
relation maintainer: user | team#member
relation admin: user | team#member
// Git Actions
permission clone = reader + triager + push
permission push = writer + maintainer + admin + organization->owner
// Web actions
permission read = reader + triager + writer + maintainer + admin + organization->owner
permission delete = admin + organization->owner
// Issues
permission create_issue = read
permission close_issue = triager + writer + maintainer + admin + organization->owner
// Pull requests
permission create_pull_request = read
permission merge_pull_request = maintainer + organization->owner
permission close_pull_request = triager + writer + maintainer + admin + organization->owner
// Coarse grained
permission manage_setting = maintainer + admin + organization->owner
permission manage_sensitive_setting = admin + organization->owner
}Schemas come from the authzed/examples repository (Apache 2.0). Comments shown alongside the code are the authors' original docstrings.