This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
define | |
rule owners-have-write-access: | |
when { (resource: $r, owner: $owner) isa resource-ownership; } | |
then { (writer: $owner, writable: $r) isa write-access; }; | |
rule members-borrow-write-access: | |
when { | |
(member: $u, team: $t) isa team-membership; | |
(writer: $t, writable: $r) isa write-access; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
define | |
user sub entity, | |
plays team-membership:member, | |
plays read-access:reader, | |
plays write-access:writer, | |
plays resource-ownership:owner; | |
team sub entity, | |
plays team-membership:team, | |
plays read-access:reader, | |
plays write-access:writer, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
insert | |
$x isa user; | |
$t isa team; | |
(member: $x, team: $t) isa team-membership; | |
$r isa resource; | |
(owner: $t, resource: $r) isa resource-ownership; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
define | |
rule <label>: | |
when { | |
<condition> | |
} then { | |
<conclusion> | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule give-permission: | |
when { | |
$x isa user; | |
not { $x has permission $a; }; | |
} then { | |
$x has permission "read"; | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
insert | |
$u isa user; | |
$t isa team; | |
$r isa resource; | |
$r (owner: $t, owned: $r) isa resource-ownership; | |
(source: $r, accessor: $u, accessible: $r) isa derived-access; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule infinite-list: | |
when { | |
$r isa list-node; | |
} then { | |
(previous: $r) isa list-node; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule members-borrow-read-access: | |
when { | |
(member: $u, team: $t) isa team-membership; | |
(reader: $t, readable: $r) isa read-access; | |
} then { | |
(reader: $u, readable: $r) isa read-access; | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule members-borrow-write-access: | |
when { | |
(member: $u, team: $t) isa team-membership; | |
(writer: $t, writable: $r) isa write-access; | |
} then { | |
(writer: $u, writable: $r) isa write-access; | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rule owners-have-write-access: | |
when { | |
(resource: $r, owner: $owner) isa resource-ownership; | |
} then { | |
(writer: $owner, writable: $r) isa write-access; | |
}; |
OlderNewer