
@andersonkxiass
Created June 20, 2020 16:36
package app.rbac
# Deny by default: a request is allowed only when one of the `allow` rule
# bodies in this package succeeds. Missing or malformed input therefore
# results in `allow` being false rather than undefined.
default allow = false
# Gives user_is_admin a concrete `false` value for subjects that have no
# "admin" role, instead of leaving it undefined.
default user_is_admin = false
# We need to import our data source reference
# NOTE(review): none of the rules in this file reference `source`; they read
# data.users and data.roles directly. Confirm whether this import is needed
# or whether the rules were meant to read from data.source instead.
import data.source
# Admin path: a subject whose user record carries the "admin" role is allowed
# unconditionally. input.resource and input.action are not consulted on this
# path, so the admin role is not limited by any entry in data.roles.
allow {
    user_is_admin
}
# Role path: allow when the subject holds at least one role whose permission
# list contains an entry accepted by can_perform for this request.
#
# Matching is by exact string equality on both the user name and the role
# name. A role listed on the user but absent from data.roles grants nothing,
# and a missing input.subject makes this body fail, so the default applies.
#
# NOTE(review): input.subject is compared as given; this policy does not
# authenticate it. Presumably the caller fills it from a verified identity;
# confirm at the enforcement point.
allow {
    account := data.users[_]
    account.name == input.subject
    granted_role := account.roles[_]
    role_def := data.roles[_]
    role_def.role == granted_role
    can_perform(role_def.permissions[_])
}
# can_perform(perm) is true when the permission entry `perm` covers the
# current request. It has two clauses; either one succeeding is enough.

# Exact match: the permission names the requested resource and action.
can_perform(perm) {
    [perm.resource, perm.action] == [input.resource, input.action]
}

# Full wildcard: the permission covers every resource and every action.
# Both fields must be "*" for this clause to apply. An entry with only one
# field set to "*" is not treated as a wildcard and matches only a request
# that carries a literal "*" in that field.
can_perform(perm) {
    ["*", "*"] == [perm.resource, perm.action]
}
# True when some entry in data.users has a name equal to input.subject and
# lists the literal role "admin". The role name is hard-coded here and is
# compared by exact string equality. data.roles is not consulted.
user_is_admin {
    account := data.users[_]
    account.name == input.subject
    account.roles[_] == "admin"
}