Commit
1 parent
272638a
commit 4ba7d83
Showing
7 changed files
with
205 additions
and
176 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,8 @@ | ||
# build stage | ||
FROM golang as builder | ||
|
||
ARG CGO_ENABLED=0 | ||
|
||
# Add dependencies | ||
WORKDIR /go/src/app | ||
ADD . /go/src/app | ||
|
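Review bot: The builder stage uses the untagged `golang` image, so the static build enabled by `ARG CGO_ENABLED=0` runs on whatever toolchain that tag resolves to on the day of the build; pinning it, for example `FROM golang:<version>@sha256:<digest> AS builder` (placeholder values), makes the build reproducible and auditable. `ADD . /go/src/app` copies the whole build context into the stage; `COPY . /go/src/app` is the plainer instruction for local files, and a `.dockerignore` keeps credentials and VCS metadata out of the layer. The rest of the Dockerfile lies outside this hunk, so whether a later stage ships only the compiled binary cannot be confirmed from here.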
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,71 +1,85 @@ | ||
package applications.mongo | ||
|
||
verify = true { | ||
input.path == ["api", "mongo", "apps", "1"] | ||
verify { | ||
input.path == ["api", "mongo", "apps", "1"] | ||
} | ||
|
||
verify = true { | ||
some user | ||
verify { | ||
some user | ||
|
||
data.mongo.users[user].name == input.user | ||
user.password = input.password | ||
data.mongo.users[user].name == input.user | ||
user.password = input.password | ||
} | ||
|
||
# Deny all by default | ||
allow = false | ||
allow := false | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# Users with right 'OWNER' on app can access it always | ||
allow = true { | ||
some appId, app, right, user | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", appId] | ||
allow { | ||
some app_id, app, right, user | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", app_id] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].id == appId | ||
# This query fires against collection -> apps | ||
data.mongo.apps[app].id == app_id | ||
|
||
# Nest elements | ||
data.mongo.rights[right].right == "OWNER" | ||
data.mongo.users[user].name == input.user | ||
# Nest elements | ||
data.mongo.rights[right].right == "OWNER" | ||
data.mongo.users[user].name == input.user | ||
|
||
# Query root | ||
app.stars > 2 | ||
# Query root | ||
app.stars > 2 | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# All apps with 5 stars are public | ||
allow = true { | ||
some app, appId | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", appId] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].stars == 5 | ||
app.id == appId | ||
allow { | ||
some app, app_id | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", app_id] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].stars == 5 | ||
app.id == app_id | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# The first app is public | ||
allow = true { | ||
input.method == "GET" | ||
input.path == ["api", "mongo", "apps", "1"] | ||
allow { | ||
input.method == "GET" | ||
input.path == ["api", "mongo", "apps", "1"] | ||
} | ||
|
||
# Path: GET <any> | ||
# All users that are a friends of Kevin are allowed see everything | ||
allow = true { | ||
some user | ||
input.method == "GET" | ||
allow { | ||
some user | ||
input.method == "GET" | ||
|
||
# This query fires against collection -> users | ||
data.mongo.users[user].name == input.user | ||
old_or_kevin(user.age, user.friend) | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# Test for count function | ||
allow { | ||
some app | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", "4"] | ||
|
||
# Get all apps with 5 starts | ||
data.mongo.apps[app].stars > 4 | ||
|
||
# This query fires against collection -> users | ||
data.mongo.users[user].name == input.user | ||
old_or_kevin(user.age, user.friend) | ||
# If there is any one return true | ||
count(app) > 0 | ||
} | ||
|
||
old_or_kevin(age, friend) { | ||
age == 42 | ||
age == 42 | ||
} | ||
|
||
old_or_kevin(age, friend) { | ||
friend == "Kevin" | ||
friend == "Kevin" | ||
} |
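Review bot: The new `allow` rule under "Test for count function" matches the path `["api", "mongo", "apps", "4"]`, but its body never ties `app` to that id or to `input.user`, so as written the decision for app 4 rests only on whether some app has `stars > 4`; if the rule is meant as more than a fixture for `count`, add `app.id == "4"` in the style of the five-star rule above it. Its comment reads `# Get all apps with 5 starts` while the condition is `> 4`; `# Get all apps with more than 4 stars` would match the code. Separately, `allow := false` under `# Deny all by default` is an ordinary complete rule rather than a `default` rule; in stock OPA that form conflicts with any matching `allow { ... }`, so unless the project's query translator special-cases it, `default allow = false` is the safer spelling. On this rendered page the old lines of the preceding Kevin rule are interleaved into the new rule, so which lines are added here is inferred from indentation.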