blob: 9dc6ea9be05af139215e3f50ea1507cb2d622871 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
package abac
import rego.v1
default allow := false
allow if {
viewable_sensor_data
action_is_read
}
action_is_read if "read" in input.actions
viewable_sensor_data contains view_data if {
some sensor_data in data.abac.sensor_data
sensor_data.timestamp >= input.time_period.from
sensor_data.timestamp < input.time_period.to
view_data := {datatype: sensor_data[datatype] | datatype in input.datatypes}
}
|