add policies examples

narval-xyz · Jan 12, 2024 · e630955 · e630955
1 parent 3d711ed
commit e630955
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 0 deletions.
diff --git a/apps/authz/src/app/opa/rego/lib/policies/policy1.rego b/apps/authz/src/app/opa/rego/lib/policies/policy1.rego
@@ -0,0 +1,33 @@
+package main
+
+import future.keywords.in
+
+permit[{"policyId": "test-policy-1"}] := reason {
+	not is_principal_root_user
+	is_principal_assigned_to_wallet
+	check_transfer_token_type({"transferToken"})
+	check_transfer_token_address({"0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
+	check_transfer_token_operation({"operator": "lte", "value": 1000000000000000000})
+
+	approvalsRequired = [
+		{
+			"threshold": 2,
+			"countPrincipal": false,
+			"entityType": "Narval::User",
+			"entityIds": ["test-bob-uid", "test-bar-uid", "test-signer-uid"],
+		}
+	]
+
+	approvalsResults = [res |
+		approval := approvalsRequired[_]
+		res := check_approval(approval)
+	]
+
+	approvals := get_approvals_result(approvalsResults)
+
+	reason := {
+		"policyId": "test-policy-1",
+		"approvalsSatisfied": approvals.approvalsSatisfied,
+		"approvalsMissing": approvals.approvalsMissing,
+	}
+}
diff --git a/apps/authz/src/app/opa/rego/lib/policies/policy2.rego b/apps/authz/src/app/opa/rego/lib/policies/policy2.rego
@@ -0,0 +1,33 @@
+package main
+
+import future.keywords.in
+
+permit[{"policyId": "test-policy-2"}] := reason {
+	not is_principal_root_user
+	is_principal_assigned_to_wallet
+	check_transfer_token_type({"transferToken"})
+	check_transfer_token_address({"0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
+	check_transfer_token_operation({"operator": "lte", "value": 1000000000000000000})
+
+	approvalsRequired = [
+		{
+			"threshold": 2,
+			"countPrincipal": false,
+			"entityType": "Narval::UserGroup",
+			"entityIds": ["test-user-group-one-uid"],
+		},
+	]
+
+	approvalsResults = [res |
+		approval := approvalsRequired[_]
+		res := check_approval(approval)
+	]
+
+	approvals := get_approvals_result(approvalsResults)
+
+	reason := {
+		"policyId": "test-policy-2",
+		"approvalsSatisfied": approvals.approvalsSatisfied,
+		"approvalsMissing": approvals.approvalsMissing,
+	}
+}
diff --git a/apps/authz/src/app/opa/rego/lib/policies/policy3.rego b/apps/authz/src/app/opa/rego/lib/policies/policy3.rego
@@ -0,0 +1,31 @@
+package main
+
+import future.keywords.in
+
+permit[{"policyId": "test-policy-3"}] := reason {
+	not is_principal_root_user
+	is_principal_assigned_to_wallet
+	check_transfer_token_type({"transferToken"})
+	check_transfer_token_address({"0x2791bca1f2de4661ed88a30c99a7a9449aa84174"})
+	check_transfer_token_operation({"operator": "eq", "value": 1000000000000000000})
+
+	approvalsRequired = [{
+		"threshold": 2,
+		"countPrincipal": false,
+		"entityType": "Narval::UserRole",
+		"entityIds": ["root", "admin"],
+	}]
+
+	approvalsResults = [res |
+		approval := approvalsRequired[_]
+		res := check_approval(approval)
+	]
+
+	approvals := get_approvals_result(approvalsResults)
+
+	reason := {
+		"policyId": "test-policy-3",
+		"approvalsSatisfied": approvals.approvalsSatisfied,
+		"approvalsMissing": approvals.approvalsMissing,
+	}
+}