mirror of
https://github.com/BradNut/boredgame
synced 2025-09-08 17:40:22 +00:00
27 lines
494 B
YAML
27 lines
494 B
YAML
|
apiVersion: api.cerbos.dev/v1
|
||
|
|
resourcePolicy:
|
||
|
|
version: default
|
||
|
|
resource: ticket
|
||
|
|
|
||
|
|
rules:
|
||
|
|
- actions:
|
||
|
|
- "*"
|
||
|
|
effect: EFFECT_ALLOW
|
||
|
|
roles:
|
||
|
|
- admin
|
||
|
|
- actions:
|
||
|
|
- read
|
||
|
|
- update
|
||
|
|
effect: EFFECT_ALLOW
|
||
|
|
roles:
|
||
|
|
- customer
|
||
|
|
condition:
|
||
|
|
match:
|
||
|
|
expr: request.resource.attr.cust_id == request.principal.id
|
||
|
|
- actions:
|
||
|
|
- create
|
||
|
|
- delete
|
||
|
|
effect: EFFECT_DENY
|
||
|
|
roles:
|
||
|
|
- customer
|