From 3e33490d35e328d72dc6a88f460ceb7f70e087b8 Mon Sep 17 00:00:00 2001
From: Marvin Gajek
Date: Mon, 18 Nov 2024 09:23:33 +0100
Subject: [PATCH] add relations to type key in OpenFGA model
---
 docs/diagrams/openfga.dsl | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/docs/diagrams/openfga.dsl b/docs/diagrams/openfga.dsl
index 549db05..44ff4c2 100644
--- a/docs/diagrams/openfga.dsl
+++ b/docs/diagrams/openfga.dsl
@@ -9,6 +9,16 @@ type user_group
 define grantee: [user] # A user who has been granted permissions for an owner's blob
 define admin: [user] # Admin can manage all blobs, including cryptographic actions

+type key
+ relations
+ define manage_cryptographic_keys: admin
+ define create_own_cryptographic_keys: owner
+
+ # Ownership and user roles
+ define owner: [user, user_group#owner]
+ define admin: [user, user_group#admin] # Admin can manage all blobs, including cryptographic actions
+
+
 type blob
 relations
 # Permissions related to file management
@@ -18,7 +28,6 @@ type blob
 define can_view_blobs_with_given_permission: grantee

 # Cryptographic actions
- define create_own_cryptographic_keys: owner
 define encrypt_decrypt_own_files: owner
 define generate_signature_for_own_files: owner
 define verify_file_signature: owner or grantee # Public key verification is possible for grantee
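Review bot: In the first hunk, `define create_own_cryptographic_keys: owner` on the new `type key` can only be evaluated against a key object that already has an `owner` tuple, so it cannot decide whether a user may create a key that does not exist yet. If the relation is meant to gate key creation, it probably belongs on a type that exists before the key does; the patch shows no such type, so this is a modelling question for the author. The comment on the new `admin` line is copied from `blob` and should describe keys instead, for example `# Admin can manage all cryptographic keys`. `user_group#owner` depends on an `owner` relation in `user_group`, which is defined above the hunk and is not visible here, so it is worth confirming that it exists.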