ms-tester/opa/problem.rego

package problem.rbac

import rego.v1

spectator := 0
participant := 1
moderator := 2
admin := 3

permissions := {
	"read": is_spectator,
	"participate": is_participant,
	"update": is_moderator,
	"create": is_moderator,
	"delete": is_moderator,
}

default allow := false

allow if is_admin

allow if {
	permissions[input.action]
}

default is_admin := false
is_admin if {
	input.user.role == admin
}

default is_moderator := false
is_moderator if {
	input.user.role >= moderator
}

default is_participant := false
is_participant if {
	input.user.role >= participant
}

default is_spectator := true
is_spectator if {
	input.user.role >= spectator
}
feat: add permission check 2024-08-20 11:18:23 +00:00			`package problem.rbac`

			`import rego.v1`

			`spectator := 0`
			`participant := 1`
			`moderator := 2`
			`admin := 3`

			`permissions := {`
			`"read": is_spectator,`
			`"participate": is_participant,`
			`"update": is_moderator,`
			`"create": is_moderator,`
			`"delete": is_moderator,`
			`}`

			`default allow := false`

			`allow if is_admin`

			`allow if {`
			`permissions[input.action]`
			`}`

			`default is_admin := false`
			`is_admin if {`
			`input.user.role == admin`
			`}`

			`default is_moderator := false`
			`is_moderator if {`
			`input.user.role >= moderator`
			`}`

			`default is_participant := false`
			`is_participant if {`
			`input.user.role >= participant`
			`}`

			`default is_spectator := true`
			`is_spectator if {`
			`input.user.role >= spectator`
			`}`