David Nilsdotter
05/11/2023, 7:59 AM{
id: 'john',
attr: {
projects: [{id: 1, role: 'user'},{id: 2, role: 'manager'},{id: 3, role: 'owner'}]
}
}
with a resource like
{
"kind": "file",
"attr": {
"parentProjectId": 1,
"name": "taxes.txt",
"createdAt": "2023-05-011T10:00:00.021-05:00"
}
}
and then create a derived role like
derivedRoles:
definitions:
- name: project_owner
condition:
match:
expr: <check if the role is 'owner' in the element of P.attr.projects with the id matching the R.attr.parentProjectId>
Is it possible to write such a match-string?
I know I can single out the project before sending the check, but if I can send the whole project state of a user (that rarely changes) it would be preferred.Charith (Cerbos)
05/11/2023, 8:07 AMDavid Nilsdotter
05/11/2023, 9:07 AM