refactor: remove unused serviceuser-user relation from SpiceDB schema

core/serviceuser/service.go

@@ -107,26 +107,6 @@ func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUs
 		return ServiceUser{}, err
 	}
 
-	if len(serviceUser.CreatedByUser) > 0 {
-		// TODO: write authz tests that checks if the user who created the service user
-		// has the permission to interact with the service user
-		// attach user to service user who created it
-		_, err = s.relationService.Create(ctx, relation.Relation{
-			Object: relation.Object{
-				ID:        createdSU.ID,
-				Namespace: schema.ServiceUserPrincipal,
-			},
-			Subject: relation.Subject{
-				ID:        serviceUser.CreatedByUser,
-				Namespace: schema.UserPrincipal,
-			},
-			RelationName: schema.UserRelationName,
-		})
-		if err != nil {
-			return ServiceUser{}, err
-		}
-	}
-
 	return createdSU, nil
 }
 

core/serviceuser/serviceuser.go

@@ -29,10 +29,6 @@ type ServiceUser struct {
 	State    string
 	Metadata metadata.Metadata
 
-	// CreatedByUser is a transient field that is used to track the user who created this service user
-	// this doesn't have any impact on the service user itself
-	CreatedByUser string
-
 	CreatedAt time.Time
 	UpdatedAt time.Time
 }

internal/bootstrap/schema/base_schema.zed

@@ -2,9 +2,8 @@ definition app/user {}
 
 definition app/serviceuser {
 	relation org: app/organization
-	relation user: app/user
 
-    permission manage = org->serviceusermanage + user
+    permission manage = org->serviceusermanage
 }
 
 definition app/pat {

internal/bootstrap/testdata/compiled_schema.zed

@@ -182,9 +182,8 @@ definition app/rolebinding {
 }
 
 definition app/serviceuser {
-	permission manage = org->serviceusermanage + user
+	permission manage = org->serviceusermanage
 	relation org: app/organization
-	relation user: app/user
 }
 
 definition app/user {}