From 5bd860042e3bac4cc4df0492b4b0fb0b82322dee Mon Sep 17 00:00:00 2001
From: sbriat <sylvain.briat@free.fr>
Date: Mon, 13 Feb 2023 11:53:30 +0100
Subject: [PATCH] add admin policy

---
 opa/admin/login.rego                                 | 7 +++++++
 src/modules/authorization/domain/dtos/action.enum.ts | 1 +
 src/modules/authorization/domain/dtos/domain.enum.ts | 1 +
 3 files changed, 9 insertions(+)
 create mode 100644 opa/admin/login.rego

diff --git a/opa/admin/login.rego b/opa/admin/login.rego
new file mode 100644
index 0000000..b09d019
--- /dev/null
+++ b/opa/admin/login.rego
@@ -0,0 +1,7 @@
+package ADMIN.LOGIN
+
+default allow := false
+
+allow {
+	input.role == "admin"
+}
diff --git a/src/modules/authorization/domain/dtos/action.enum.ts b/src/modules/authorization/domain/dtos/action.enum.ts
index 178455b..6e08612 100644
--- a/src/modules/authorization/domain/dtos/action.enum.ts
+++ b/src/modules/authorization/domain/dtos/action.enum.ts
@@ -4,4 +4,5 @@ export enum Action {
   UPDATE = 'UPDATE',
   DELETE = 'DELETE',
   LIST = 'LIST',
+  LOGIN = 'LOGIN',
 }
diff --git a/src/modules/authorization/domain/dtos/domain.enum.ts b/src/modules/authorization/domain/dtos/domain.enum.ts
index 9d09c7d..1fa511a 100644
--- a/src/modules/authorization/domain/dtos/domain.enum.ts
+++ b/src/modules/authorization/domain/dtos/domain.enum.ts
@@ -1,3 +1,4 @@
 export enum Domain {
   USER = 'USER',
+  ADMIN = 'ADMIN',
 }