This example presents an Instagram Authorization Schema, outlining the intricate relationships between users, accounts, and posts on the platform. It defines user access levels, privacy settings, and interactions, offering insights into how followers, account owners, and post restrictions are managed within the Instagram ecosystem.
Schema | Open in playground
entity user {}
entity account {
// users have accounts
relation owner @user
// accounts can follow other users/accounts.
relation following @user
// other users/accounts can follow account.
relation follower @user
// accounts can be private or public.
attribute public boolean
// users can view an account if they're followers, owners, or if the account is not private.
action view = (owner or follower) or public
}
entity post {
// posts are linked with accounts.
relation account @account
// comments are limited to people followed by the parent account.
attribute restricted boolean
// users can view the posts, if they have access to view the linked accounts.
action view = account.view
// users can comment and like on unrestricted posts or posts by owners who follow them.
action comment = account.following not restricted
action like = account.following not restricted
}
Brief Examination of the Model
The Instagram Authorization Schema models the relationships between users, accounts, and posts in the Instagram platform.
Users can own accounts, follow other accounts, and be followed by other users. Accounts can have public or private settings, and access to view an account is determined by ownership, followers, and privacy settings. Posts are associated with accounts and can have restricted comments and likes based on account privacy.
Entities & Relations
-
User: Represents a user on the Instagram platform. -
Account: Represents a user account on Instagram. Accounts have owners, followers, and can follow other accounts. -
Post: Represents a post on Instagram. Posts are linked to accounts and can have restricted comments and likes.
Permissions
Users can view an account if they are the owner, a follower, or if the account is public. Users can comment and like posts if they have access to view the linked account and the post is unrestricted.
Relationships and Attributes
Based on our schema, let’s create some sample relationships to test both our schema and our authorization logic.
// Relationships
// Users, Accounts and Posts:
account:1#owner@user:kevin
account:2#owner@user:george
account:1#following@user:george
account:2#follower@user:kevin
post:1#account@account:1
post:2#account@account:2
// Attributes
// Accounts and Posts:
account:1$public|boolean:true
account:2$public|boolean:false
post:1$restricted|boolean:false
post:2$restricted|boolean:true
Test & Validation
To validate our authorization logic, let’s run some tests on different scenarios using the Instagram Authorization Schema.
Test 1: Checking Account Viewing Permissions
Test 2: Checking Post Viewing Permissions
Test 3: Checking Post Commenting Permissions
Let’s test these access checks in our local with using permify validator. We’ll use the below schema for the schema validation file.
schema: |-
entity user {}
entity account {
// users have accounts
relation owner @user
// accounts can follow other users/accounts.
relation following @user
// other users/accounts can follow account.
relation follower @user
// accounts can be private or public.
attribute public boolean
// users can view an account if they're followers, owners, or if the account is not private.
action view = (owner or follower) or public
}
entity post {
// posts are linked with accounts.
relation account @account
// comments are limited to people followed by the parent account.
attribute restricted boolean
// users can view the posts, if they have access to view the linked accounts.
action view = account.view
// users can comment and like on unrestricted posts or posts by owners who follow them.
action comment = account.following not restricted
action like = account.following not restricted
}
relationships:
- account:1#owner@user:kevin
- account:2#owner@user:george
- account:1#following@user:george
- account:2#follower@user:kevin
- post:1#account@account:1
- post:2#account@account:2
attributes:
- account:1$public|boolean:true
- account:2$public|boolean:false
- post:1$restricted|boolean:false
- post:2$restricted|boolean:true
scenarios:
- name: Account Viewing Permissions
description: Evaluate account viewing permissions for 'kevin' and 'george'.
checks:
- entity: account:1
subject: user:kevin
assertions:
view: true
- entity: account:2
subject: user:kevin
assertions:
view: true
- entity: account:1
subject: user:george
assertions:
view: true
- entity: account:2
subject: user:george
assertions:
view: true
- name: Post Viewing Permissions
description: Determine post viewing permissions for 'kevin' and 'george'.
checks:
- entity: post:1
subject: user:george
assertions:
view: true
- entity: post:2
subject: user:kevin
assertions:
view: true
- entity: post:2
subject: user:george
assertions:
view: true
- name: Post Commenting Permissions
description: Evaluate post commenting permissions for 'kevin' and 'george'.
checks:
- entity: post:1
subject: user:george
assertions:
comment: true
- entity: post:2
subject: user:kevin
assertions:
comment: false
Using Schema Validator in Local
After cloning Permify, open up a new file and copy the schema yaml file content inside. Then, build and run Permify instance using the command make serve
Then run permify validate {path of your schema validation file} to start the test process.
The validation result according to our example schema validation file:
Need any help ?
This is the end of demonstration of the authorization structure for Facebook groups. To install and implement this see the Set Up Permify section.