From 02eae166657e4e22782a5dcab4ea4008fe0a42f7 Mon Sep 17 00:00:00 2001
From: Gsk54
Date: Thu, 19 Jan 2023 16:27:14 +0100
Subject: [PATCH] add user update/delete policy
---
opa/user/delete.rego | 11 +++++++++++
opa/user/update.rego | 11 +++++++++++
2 files changed, 22 insertions(+)
create mode 100644 opa/user/delete.rego
create mode 100644 opa/user/update.rego
diff --git a/opa/user/delete.rego b/opa/user/delete.rego
new file mode 100644
index 0000000..ec31a55
--- /dev/null
+++ b/opa/user/delete.rego
@@ -0,0 +1,11 @@
+package user.delete
+
+default allow := false
+
+allow := true {
+ input.uuid == input.owner
+}
+
+allow := true {
+ input.role == "admin"
+}
diff --git a/opa/user/update.rego b/opa/user/update.rego
new file mode 100644
index 0000000..54d80a0
--- /dev/null
+++ b/opa/user/update.rego
@@ -0,0 +1,11 @@
+package user.update
+
+default allow := false
+
+allow := true {
+ input.uuid == input.owner
+}
+
+allow := true {
+ input.role == "admin"
+}
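Review bot: The owner rule in opa/user/delete.rego (`input.uuid == input.owner`) also holds when both fields arrive as empty strings or as JSON null, so a caller that serialises a missing identity and a missing owner the same way would be allowed; the identical rule in opa/user/update.rego has the same gap. Only undefined fields fall through to `default allow := false`. I would add `is_string(input.uuid)` and `input.uuid != ""` as extra lines in the owner rule body of both files. Both files also trust `input.uuid` and `input.role` as given, so a comment above each rule stating that these must come from the verified token and not from the request body would help whoever wires the policy in; that wiring is not visible in this patch.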
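Review bot: In opa/user/update.rego the owner rule authorises the update as a whole and never sees which attributes are being changed, so if the update request can carry the user's role, a non-admin owner would pass this policy while changing their own role to `admin`. Whether that is reachable depends on the update handler, which is not part of this patch. If it is, the service should pass the set of changed fields in the policy input and the owner rule should refuse a role change, leaving that to the `input.role == "admin"` rule. A Rego test file next to the policy covering owner, admin, non-owner and empty-input cases would pin this behaviour down.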