Merged
71 changes: 70 additions & 1 deletion charts/lfx-platform/templates/openfga/model.yaml
Expand Up @@ -19,7 +19,7 @@ spec:
- patch: Modifications of define
*/}}
- version:
major: 4
major: 5
minor: 3
patch: 2
authorizationModel: |
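Review bot: the version block moves major from 4 to 5 but leaves minor: 3 and patch: 2 untouched. If the scheme follows the common convention of resetting the lower components on a higher bump, this should read major 5, minor 0, patch 0. If the scheme documented in the comment above (only its "patch: Modifications of define" line is visible here) deliberately keeps them, please say so in that comment, and confirm that adding new types is what it classes as a major change.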
Expand Down Expand Up @@ -121,4 +121,73 @@ spec:
# If the past meeting is public, then any user can view it; but if it is private, then
# only certain privileged users can view it.
define viewer: [user:*] or attendee or invitee or organizer or auditor

# The past_meeting_recording type identifies a recording of a past meeting.
# Access to a recording is limited to one of the following groups:
# - Only meeting hosts
# - Only meeting participants
# - Public (anyone)
type past_meeting_recording
relations
define past_meeting: [past_meeting]
define writer: organizer from past_meeting
define auditor: auditor from past_meeting
define host: host from past_meeting
define participant: invitee from past_meeting or attendee from past_meeting
# The viewer relation needs to be kept up-to-date separately from the other relations
# because it depends on the past meeting artifact_visibility setting. Auditors and writers
# do however by default have access to view the recording.
#
# If the artifact_visibility is public, then every user should be a viewer
# If it is set to only meeting participants, then only the meeting participants
# should be able to view the recording.
# If it is set to only meeting hosts, then only the meeting hosts should be able
# to view the recording.
define viewer: [user:*] or writer or auditor

# The past_meeting_transcript type identifies a transcript of a past meeting.
# Access to a transcript is limited to one of the following groups:
# - Only meeting hosts
# - Only meeting participants
# - Public (anyone)
type past_meeting_transcript
relations
define past_meeting: [past_meeting]
define writer: organizer from past_meeting
define auditor: auditor from past_meeting
define host: host from past_meeting
define participant: invitee from past_meeting or attendee from past_meeting
# The viewer relation needs to be kept up-to-date separately from the other relations
# because it depends on the past meeting artifact_visibility setting. Auditors and writers
# do however by default have access to view the transcript.
#
# If the artifact_visibility is public, then every user should be a viewer
# If it is set to only meeting participants, then only the meeting participants
# should be able to view the transcript.
# If it is set to only meeting hosts, then only the meeting hosts should be able
# to view the transcript.
define viewer: [user:*] or writer or auditor

# The past_meeting_summary type identifies a summary of a past meeting.
# Access to a summary is limited to one of the following groups:
# - Only meeting hosts
# - Only meeting participants
# - Public (anyone)
type past_meeting_summary
relations
define past_meeting: [past_meeting]
define writer: organizer from past_meeting
define auditor: auditor from past_meeting
define host: host from past_meeting
define participant: invitee from past_meeting or attendee from past_meeting
# The viewer relation needs to be kept up-to-date separately from the other relations
# because it depends on the past meeting artifact_visibility setting. Auditors and writers
# do however by default have access to view the summary.
#
# If the artifact_visibility is public, then every user should be a viewer
# If it is set to only meeting participants, then only the meeting participants
# should be able to view the summary.
# If it is set to only meeting hosts, then only the meeting hosts should be able
# to view the summary.
define viewer: [user:*] or writer or auditor
{{- end }}
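Review bot: in each of the three new types, `define viewer: [user:*] or writer or auditor` allows only the public wildcard as a directly assigned subject, and the `host` and `participant` relations defined just above it are never referenced by any other relation. The comments say viewer is to be kept up to date for the "only meeting hosts" and "only meeting participants" settings, but with this type restriction a tuple that grants viewer to a host or participant userset, or to an individual user, would fail validation, so those two settings cannot give hosts or participants view access; only writers and auditors would have it. Consider widening the restriction, for example `[user:*, past_meeting_recording#host, past_meeting_recording#participant]` (and the equivalent for transcript and summary), or document in the comment how the restricted modes are meant to be written. The three blocks are identical apart from the noun, so whatever is decided needs to be applied to all of them.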