Skip to content

Commit f9ec510

Browse files
rschevrschev
committed
Allow operations on invoices for users with manage_invoices
1 parent 832018a commit f9ec510

File tree

1 file changed

+17
-15
lines changed

1 file changed

+17
-15
lines changed

src/main/resources/rego/policy.rego

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -34,45 +34,47 @@ default can_update_supplier := false
3434

3535
default can_delete_supplier := false
3636

37-
# Policy zsn6mlr6y4tq
38-
# - input.entity is type 'supplier'
39-
can_read_supplier {
37+
# Policy 6z4vihwwdvdq
38+
# - input.entity is type 'invoice'
39+
can_read_invoice {
4040
input.auth.authenticated == true
4141
input.auth.principal.kind == "user"
42-
input.auth.principal["contentgrid:admin"] == true
42+
input.auth.principal["contentgrid:manage_invoices"] == true
4343
}
44-
can_create_supplier {
44+
can_create_invoice {
4545
input.auth.authenticated == true
4646
input.auth.principal.kind == "user"
47-
input.auth.principal["contentgrid:admin"] == true
47+
input.auth.principal["contentgrid:manage_invoices"] == true
4848
}
49-
can_update_supplier {
49+
can_update_invoice {
5050
input.auth.authenticated == true
5151
input.auth.principal.kind == "user"
52-
input.auth.principal["contentgrid:admin"] == true
52+
input.auth.principal["contentgrid:manage_invoices"] == true
5353
}
54-
can_delete_supplier {
54+
can_delete_invoice {
5555
input.auth.authenticated == true
5656
input.auth.principal.kind == "user"
57-
input.auth.principal["contentgrid:admin"] == true
57+
input.auth.principal["contentgrid:manage_invoices"] == true
5858
}
59-
# - input.entity is type 'invoice'
60-
can_read_invoice {
59+
# End policy 6z4vihwwdvdq
60+
# Policy zsn6mlr6y4tq
61+
# - input.entity is type 'supplier'
62+
can_read_supplier {
6163
input.auth.authenticated == true
6264
input.auth.principal.kind == "user"
6365
input.auth.principal["contentgrid:admin"] == true
6466
}
65-
can_create_invoice {
67+
can_create_supplier {
6668
input.auth.authenticated == true
6769
input.auth.principal.kind == "user"
6870
input.auth.principal["contentgrid:admin"] == true
6971
}
70-
can_update_invoice {
72+
can_update_supplier {
7173
input.auth.authenticated == true
7274
input.auth.principal.kind == "user"
7375
input.auth.principal["contentgrid:admin"] == true
7476
}
75-
can_delete_invoice {
77+
can_delete_supplier {
7678
input.auth.authenticated == true
7779
input.auth.principal.kind == "user"
7880
input.auth.principal["contentgrid:admin"] == true

0 commit comments

Comments
 (0)