From 3d6d9b844a8ec51788d8426945ab40a17e8e0ce4 Mon Sep 17 00:00:00 2001
From: Koushik Roy
Date: Mon, 20 Nov 2023 16:49:47 -0800
Subject: [PATCH] Add in_group and has_attribute policy functions This PR adds two policy functions. 1. in_group checks whether an Abbey user's identity is within a group 2. has_attribute checks whether an Abbey user has a custom attribute with a given value
---
src/abbey/functions/has_attribute.rego | 5 +++++
src/abbey/functions/in_group.rego | 7 +++++++
2 files changed, 12 insertions(+)
create mode 100644 src/abbey/functions/has_attribute.rego
create mode 100644 src/abbey/functions/in_group.rego
diff --git a/src/abbey/functions/has_attribute.rego b/src/abbey/functions/has_attribute.rego
new file mode 100644
index 0000000..10afb80
--- /dev/null
+++ b/src/abbey/functions/has_attribute.rego
@@ -0,0 +1,5 @@
+import future.keywords.if
+
+has_attribute(name, value) := true if {
+ data.system.abbey.identities.directory_sync_users.custom_attributes[name] == value
+}
diff --git a/src/abbey/functions/in_group.rego b/src/abbey/functions/in_group.rego
new file mode 100644
index 0000000..cdc7d9e
--- /dev/null
+++ b/src/abbey/functions/in_group.rego
@@ -0,0 +1,7 @@
+import future.keywords.if
+import future.keywords.in
+
+in_group(group_name) := true if {
+ some group in data.system.abbey.group_memberships
+ group == group_name
+}
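Review bot: In has_attribute.rego the function is undefined, not false, whenever the attribute is absent or the `data.system.abbey...` path is missing, so a policy that negates it (`not has_attribute(name, value)`) succeeds when directory-sync data has not loaded; the same holds for in_group in in_group.rego. Neither file documents this, and a header comment would help policy authors, for example `# has_attribute(name, value) holds only when the synced custom attribute equals value exactly (comparison is type-strict); it is undefined otherwise, so negating it passes when the data is missing`. The reference also reads `custom_attributes` directly off `directory_sync_users`; if that node is a collection of users rather than a single user's record, the lookup can never match, which should be confirmed against the data document. No `package` line is visible in the new file, presumably because these functions are bundled into a package elsewhere.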
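Review bot: In in_group.rego the `some group in ...` plus `group == group_name` pair is a membership test, and the `:= true` is redundant once `if` is imported, so the rule can be written as `in_group(group_name) if group_name in data.system.abbey.group_memberships`. The comparison assumes each entry of `group_memberships` is a plain group-name string; if the entries are objects carrying a name or id field, the equality never holds and the function silently stays undefined, so the expected shape deserves a one-line comment above the rule. Matching is exact and case-sensitive, which policy authors should also be told, since directory group names often differ only in case.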