package problem.rbac

import rego.v1

spectator := 0
participant := 1
moderator := 2
admin := 3

permissions := {
	"read": is_spectator,
	"participate": is_participant,
	"update": is_moderator,
	"create": is_moderator,
	"delete": is_moderator,
}

default allow := false

allow if is_admin

allow if {
	permissions[input.action]
}

default is_admin := false
is_admin if {
	input.user.role == admin
}

default is_moderator := false
is_moderator if {
	input.user.role >= moderator
}

default is_participant := false
is_participant if {
	input.user.role >= participant
}

default is_spectator := true
is_spectator if {
	input.user.role >= spectator
}