package rbac
// modelText is the access-control model for this package, written in Casbin
// model syntax. A request is a single object, r.req; the matcher reads its
// User, ResourceOwner, Domain, Resource, ResourceId and Action fields. Each
// policy row carries sub, domain, resource, uuid, action and eft.
//
// Effect: a request is allowed when at least one matched row has eft == allow
// and no matched row has eft == deny.
//
// The matcher has two alternatives:
//
//   - Owner shortcut: when r.req.User == r.req.ResourceOwner, every row whose
//     eft is not "deny" matches, with no check of domain, resource, uuid or
//     action. Deny rows are never matched through this branch, so a deny
//     reaches an owner only when the role branch below also matches.
//   - Role branch: g(User, p.sub, Domain) must hold, then domain, resource,
//     uuid and action are each compared with the row, and finally
//     has_access_to_resource(r.req, p.sub, p.uuid) must return true. The
//     literals "*" (domain), "any" (resource, uuid, action) and "skip" (uuid)
//     act as wildcards that bypass the corresponding comparison.
//
// g2 is declared under [role_definition] but is not referenced by the matcher
// in this model.
//
// NOTE(review): the owner shortcut trusts r.req.ResourceOwner as supplied in
// the request. It presumably must be filled in server-side from the stored
// resource and never from client input; also confirm that an unset User and
// an unset ResourceOwner cannot compare equal (e.g. two empty strings).
//
// NOTE(review): regexMatch is Casbin's built-in regular-expression match,
// which is unanchored, so a policy action such as "read" would also match a
// request action that merely contains "read". Policy authors should anchor
// action patterns with ^ and $ — confirm against the stored policies.
//
// NOTE(review): matchKeys and has_access_to_resource are not Casbin built-ins
// and are not defined in this file; presumably they are registered on the
// enforcer elsewhere. Their matching semantics should be reviewed together
// with this model.
const modelText = `
[request_definition]
r = req
[policy_definition]
p = sub, domain, resource, uuid, action, eft
[role_definition]
g = _, _, _
g2 = _,_
[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
[matchers]
m = (r.req.User == r.req.ResourceOwner && p.eft != "deny") || \
( \
g(r.req.User, p.sub, r.req.Domain) && (p.domain == "*" || matchKeys(r.req.Domain, p.domain)) && \
(p.resource == "any" || matchKeys(r.req.Resource, p.resource)) && \
(p.uuid == "any" || p.uuid == "skip" || matchKeys(r.req.ResourceId, p.uuid)) && \
(p.action == "any" || regexMatch(r.req.Action, p.action)) && \
has_access_to_resource(r.req, p.sub, p.uuid) \
) \
`