package organization
import rego.v1
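# Authorization decision: deny unless an entry in data.organization.acls
# grants input.action to input.user at a scope that covers the request.
#
# Each rule below accepts only entries written for its own scope. Without the
# `not acl.project` / `not acl.component` guards, the organization-wide rule
# would match every entry for the user and organization, so an entry scoped
# to one project or component would authorize the action everywhere in the
# organization.
#
# NOTE(review): the guards assume a wider-scope entry omits the narrower
# fields entirely. If the ACL data uses "" or null for "any", those entries
# stop matching (fail closed) - confirm against the data source.
default allow := false

# Component-scoped entry: user, organization, project and component must all
# match the request.
allow if {
    some acl in data.organization.acls
    acl.user == input.user
    acl.organization == input.organization
    acl.project == input.project
    acl.component == input.component
    input.action in acl.actions
}

# Project-scoped entry: carries no component and covers every component of
# the named project.
allow if {
    some acl in data.organization.acls
    acl.user == input.user
    acl.organization == input.organization
    acl.project == input.project
    not acl.component
    input.action in acl.actions
}

# Organization-scoped entry: carries neither project nor component and covers
# the whole organization.
allow if {
    some acl in data.organization.acls
    acl.user == input.user
    acl.organization == input.organization
    not acl.project
    not acl.component
    input.action in acl.actions
}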