add ad policies

2026-01-02 19:02:40 +00:00 · 2023-05-04 14:46:40 +02:00
parent fd8bdad946
commit 9ba715860e
5 changed files with 38 additions and 2 deletions
--- a/opa/ad/delete.rego
+++ b/opa/ad/delete.rego
@@ -0,0 +1,11 @@
+package AD.DELETE
+
+default allow := false
+
+allow {
+	input.userUuid == input.owner
+}
+
+allow {
+	input.role == "admin"
+}
--- a/opa/ad/list.rego
+++ b/opa/ad/list.rego
@@ -0,0 +1,3 @@
+package AD.LIST
+
+default allow := true
--- a/opa/ad/read.rego
+++ b/opa/ad/read.rego
@@ -0,0 +1,11 @@
+package AD.READ
+
+default allow := false
+
+allow {
+    input.userUuid == input.owner
+}
+
+allow {
+    input.role == "admin"
+}
--- a/opa/ad/update.rego
+++ b/opa/ad/update.rego
@@ -0,0 +1,11 @@
+package AD.UPDATE
+
+default allow := false
+
+allow {
+	input.userUuid == input.owner
+}
+
+allow {
+	input.role == "admin"
+}
--- a/opa/user/read.rego
+++ b/opa/user/read.rego
@@ -2,10 +2,10 @@ package USER.READ

 default allow := false

-allow := true {
+allow {
    input.uuid == input.owner
 }

-allow := true {
+allow {
    input.role == "admin"
 }