Created
June 20, 2020 16:36
# Role-based access control policy.
# Both decisions below fail closed: they stay false unless a rule in this
# package proves otherwise.
package app.rbac

# Data source reference.
# NOTE(review): none of the rules visible in this file refer to `source`; they
# read data.users and data.roles directly. Confirm this import is still needed
# (`opa check --strict` reports unused imports).
import data.source

# Deny every request that no `allow` rule explicitly grants.
default allow = false

# A subject is not an administrator unless user_is_admin proves it.
default user_is_admin = false
# Administrator grant: any subject for which user_is_admin holds is allowed.
# This rule does not look at input.resource or input.action, so an admin
# subject is allowed for every request, including malformed ones.
allow = true {
    user_is_admin
}
# Permission grant: allow when the subject holds a role with at least one
# permission that can_perform accepts for this request.
#
# Steps:
#   1. find the data.users entry whose name equals input.subject,
#   2. join each of that user's role names against data.roles[_].role,
#   3. test every permission of the matching role definition.
#
# A role name listed on the user with no matching entry in data.roles grants
# nothing here. If several data.users entries share one name, the permissions
# of all of them apply to that subject.
# NOTE(review): presumably names are unique in data.users; verify against the
# data loader.
allow {
    account := data.users[_]
    account.name == input.subject

    role_def := data.roles[_]
    role_def.role == account.roles[_]

    grant := role_def.permissions[_]
    can_perform(grant)
}
# can_perform(perm) holds when permission `perm` covers the current request.
# `perm` is an object with `resource` and `action` fields.
#
# Exact match: both fields equal the corresponding fields of the request.
can_perform(perm) {
    input.resource == perm.resource
    input.action == perm.action
}

# Full wildcard: a permission of resource "*" and action "*" covers every
# request. Both fields must be "*"; a permission with only one field set to
# "*" is not a wildcard and can only match by literal equality in the rule
# above.
can_perform(perm) {
    [perm.resource, perm.action] == ["*", "*"]
}
# user_is_admin holds when the data.users entry named input.subject lists the
# role "admin".
#
# The role name is compared as an exact, case-sensitive string and data.roles
# is not consulted, so the "admin" role needs no definition there to take
# effect. A missing input.subject leaves this rule undefined, and the package
# default of false applies.
# NOTE(review): this check is only as strong as the integrity of data.users;
# confirm who is able to write that document.
user_is_admin {
    account := data.users[_]
    account.name == input.subject
    account.roles[_] == "admin"
}