What about Zanzibar?

What is a permission service?

Data structure

definition user {
}

definition team {
relation team: team
relation owner: user | team#owner
relation admin: user | team#admin
relation member: user | team#member

permission lock_team = owner
permission unlock_team = owner

permission add_team_admin = owner + admin
permission delete_team_admin = owner + admin
permission view_team_admins = owner + admin + member

permission add_team_member = owner + admin
permission delete_team_member = owner + admin
permission view_team_members = owner + admin + member

permission change_team_name = owner + admin
permission notify_team = owner + admin
}

definition chat_room {
relation team: team
relation user: user

relation owner: user | team#owner
relation admin: user | team#owner | team#admin
relation member: user | team#member

permission lock_project = owner
permission unlock_project = owner

permission add_chat_room_admin = owner + admin
permission delete_chat_room_admin = owner + admin
permission view_chat_room_admins = owner + admin + member

permission add_chat_room_member = owner + admin
permission delete_chat_room_member = owner + admin
permission view_chat_room_members = owner + admin + member

permission add_team = owner + admin
permission delete_team = owner
}
definition chat_room {
relation team: team
relation user: user

relation banned: user <= add a role

relation owner: user | team#owner
relation admin: user | team#owner | team#admin
relation member: user | team#member

...snip...

permission add_project_admin = owner + admin - banned <= prevent banned users from doing this action
permission delete_project_admin = owner + admin - banned
permission view_project_admins = owner + admin + member - banned

...etc...
}

Caching

Zookies

Two sources of truth

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store