feat: add permission check

2024-08-20 16:18:23 +05:00 · 2024-08-20 16:18:23 +05:00 · bebc7f3076
commit bebc7f3076
parent 56135ff5df
14 changed files with 490 additions and 95 deletions
--- a/opa/problem.rego
+++ b/opa/problem.rego
@ -0,0 +1,44 @@
+package problem.rbac
+
+import rego.v1
+
+spectator := 0
+participant := 1
+moderator := 2
+admin := 3
+
+permissions := {
+	"read": is_spectator,
+	"participate": is_participant,
+	"update": is_moderator,
+	"create": is_moderator,
+	"delete": is_moderator,
+}
+
+default allow := false
+
+allow if is_admin
+
+allow if {
+	permissions[input.action]
+}
+
+default is_admin := false
+is_admin if {
+	input.user.role == admin
+}
+
+default is_moderator := false
+is_moderator if {
+	input.user.role >= moderator
+}
+
+default is_participant := false
+is_participant if {
+	input.user.role >= participant
+}
+
+default is_spectator := true
+is_spectator if {
+	input.user.role >= spectator
+}