From bd968e270c54ea9922ffcd55a8f58a86ac9396f1 Mon Sep 17 00:00:00 2001
From: samuel
Date: Wed, 14 Feb 2024 12:45:25 +0100
Subject: [PATCH] add mock data
---
 apps/authz/src/opa/template/mockData.ts | 61 +++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/apps/authz/src/opa/template/mockData.ts b/apps/authz/src/opa/template/mockData.ts
index d913ea520..3e0e925a8 100644
--- a/apps/authz/src/opa/template/mockData.ts
+++ b/apps/authz/src/opa/template/mockData.ts
@@ -110,3 +110,64 @@ export const exampleForbidPolicy: Policy = {
 export const policies = {
 policies: [examplePermitPolicy, exampleForbidPolicy]
 }
+
+const metaPermissions = [
+ Action.CREATE_ORGANIZATION,
+ Action.CREATE_USER,
+ Action.UPDATE_USER,
+ Action.CREATE_CREDENTIAL,
+ Action.ASSIGN_USER_GROUP,
+ Action.ASSIGN_WALLET_GROUP,
+ Action.ASSIGN_USER_WALLET,
+ Action.DELETE_USER,
+ Action.REGISTER_WALLET,
+ Action.CREATE_ADDRESS_BOOK_ACCOUNT,
+ Action.EDIT_WALLET,
+ Action.UNASSIGN_WALLET,
+ Action.REGISTER_TOKENS,
+ Action.EDIT_USER_GROUP,
+ Action.DELETE_USER_GROUP,
+ Action.CREATE_WALLET_GROUP,
+ Action.DELETE_WALLET_GROUP
+]
+
+export const permitMetaPermission: Policy = {
+ name: 'permitMetaPermission',
+ when: [
+ {
+ criterion: Criterion.CHECK_ACTION,
+ args: metaPermissions
+ },
+ {
+ criterion: Criterion.CHECK_PRINCIPAL_ROLE,
+ args: ['admin']
+ },
+ {
+ criterion: Criterion.CHECK_APPROVALS,
+ args: [
+ {
+ approvalCount: 2,
+ countPrincipal: false,
+ approvalEntityType: EntityType.UserRole,
+ entityIds: ['admin']
+ }
+ ]
+ }
+ ],
+ then: Then.PERMIT
+}
+
+export const forbidMetaPermission: Policy = {
+ name: 'forbidMetaPermission',
+ when: [
+ {
+ criterion: Criterion.CHECK_ACTION,
+ args: metaPermissions
+ },
+ {
+ criterion: Criterion.CHECK_PRINCIPAL_ROLE,
+ args: ['admin']
+ }
+ ],
+ then: Then.FORBID
+}
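Review bot: `forbidMetaPermission` matches every request that `permitMetaPermission` matches, because both test `CHECK_ACTION` against `metaPermissions` and `CHECK_PRINCIPAL_ROLE` against `['admin']`, and the permit policy only adds the `CHECK_APPROVALS` criterion on top. If the two are ever loaded into the same policy set and the engine lets a forbid override a permit (the combining rule is not visible in this hunk), an admin's meta-action would be denied even with two admin approvals, so the approval control would never be exercised. Neither constant is added to the exported `policies` list, so they read as alternative fixtures; a comment above them such as `// Alternative fixtures: load either permitMetaPermission or forbidMetaPermission, never both in one policy set` would make that explicit. It would also help to state next to `countPrincipal: false` that the requester is presumably excluded from the two approvals, since that is what makes this a separation-of-duties check.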