Merge branch 'adAuth' into 'main'

add ad policies See merge request v3/service/auth!35
2023-05-04 12:50:19 +00:00 · 2023-05-04 12:50:19 +00:00 · d9cedc5297
parent fd8bdad946 9ba715860e
commit d9cedc5297
5 changed files with 38 additions and 2 deletions
--- a/opa/ad/delete.rego
+++ b/opa/ad/delete.rego
@ -0,0 +1,11 @@
+package AD.DELETE
+
+default allow := false
+
+allow {
+	input.userUuid == input.owner
+}
+
+allow {
+	input.role == "admin"
+}
--- a/opa/ad/list.rego
+++ b/opa/ad/list.rego
@ -0,0 +1,3 @@
+package AD.LIST
+
+default allow := true
--- a/opa/ad/read.rego
+++ b/opa/ad/read.rego
@ -0,0 +1,11 @@
+package AD.READ
+
+default allow := false
+
+allow {
+    input.userUuid == input.owner
+}
+
+allow {
+    input.role == "admin"
+}
--- a/opa/ad/update.rego
+++ b/opa/ad/update.rego
@ -0,0 +1,11 @@
+package AD.UPDATE
+
+default allow := false
+
+allow {
+	input.userUuid == input.owner
+}
+
+allow {
+	input.role == "admin"
+}
--- a/opa/user/read.rego
+++ b/opa/user/read.rego
@ -2,10 +2,10 @@ package USER.READ

 default allow := false

-allow := true {
+allow {
    input.uuid == input.owner
 }

-allow := true {
+allow {
    input.role == "admin"
 }