Rego rule 3 - Only managers from the employee_managers list can create employees
# JWT subjects (sub claim) that are allowed to create employees
employee_managers := {"","",""}

allow {
    input.attributes.request.http.method == "POST"
    input.parsed_path[0] == "employees"
    jwt.payload.Role == "manager"
    jwt.payload.Group == input.parsed_body.userGroup
    employee_managers[_] == jwt.payload.sub  # is the subject in the employee_managers set?
}
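The rule with unit tests for each condition it enforces, as an added example that is not part of the original gist, written in the same pre-1.0 Rego syntax. The package name, the subjects in the set, the `req` helper and the `input.token_payload` source for `jwt` are assumptions made so the file runs on its own.

```rego
package example.authz # hypothetical package name

# Constructed subjects standing in for the page's list.
employee_managers := {"alice@example.com", "bob@example.com"}

# Assumption: the decoded token arrives as input.token_payload.
# On the page, `jwt` is defined elsewhere in the policy.
jwt := {"payload": input.token_payload}

allow {
    input.attributes.request.http.method == "POST"
    input.parsed_path[0] == "employees"
    jwt.payload.Role == "manager"
    jwt.payload.Group == input.parsed_body.userGroup
    employee_managers[_] == jwt.payload.sub
}

# Hypothetical helper: builds a constructed request in the shape the rule reads.
req(method, sub, role, group, body_group) = {
    "attributes": {"request": {"http": {"method": method}}},
    "parsed_path": ["employees"],
    "parsed_body": {"userGroup": body_group},
    "token_payload": {"sub": sub, "Role": role, "Group": group},
}

test_listed_manager_can_create {
    r := req("POST", "alice@example.com", "manager", "sales", "sales")
    allow with input as r
}

test_manager_not_on_list_is_denied {
    r := req("POST", "mallory@example.com", "manager", "sales", "sales")
    not allow with input as r
}

test_listed_subject_without_manager_role_is_denied {
    r := req("POST", "alice@example.com", "employee", "sales", "sales")
    not allow with input as r
}

test_listed_manager_cannot_create_in_other_group {
    r := req("POST", "alice@example.com", "manager", "sales", "finance")
    not allow with input as r
}

test_non_post_request_is_denied {
    r := req("GET", "alice@example.com", "manager", "sales", "sales")
    not allow with input as r
}
```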