Charles Moga
11/14/2023, 11:12 AM
I am trying to work out this snippet and adapt it for our use case:
import dev.cerbos.sdk.CheckResult;
import dev.cerbos.sdk.builders.Principal;
import dev.cerbos.sdk.builders.Resource;
import static dev.cerbos.sdk.builders.AttributeValue.stringValue;

// `client` is an already-built CerbosBlockingClient
CheckResult result = client.check(
        Principal.newInstance("john", "employee")        // principal id, role(s)
                .withPolicyVersion("20210210")
                .withAttribute("department", stringValue("marketing"))
                .withAttribute("geography", stringValue("GB")),
        Resource.newInstance("leave_request", "xx125")   // resource kind, id
                .withPolicyVersion("20210210")
                .withAttribute("department", stringValue("marketing"))
                .withAttribute("geography", stringValue("GB"))
                .withAttribute("owner", stringValue("john")),
        "view:public", "approve");                       // actions to check
if (result.isAllowed("approve")) { // returns true if `approve` action is allowed
    ...
}
Our use case is a REST API with post, get, update and delete, and I have mapped these against resources.
For example, we have "admin" with the following access:
resource | create | read | update | delete
---------+--------+------+--------+-------
user     | true   | true | true   | true
payment  | false  | true | false  | false
Now when a request hits '/user', we have an interceptor that takes "user" as the resource, the action (post, get, update, or delete), and a JWT that contains user data including the role, which is admin.
And I am trying to figure out how I can adapt the code above to authorize/deny a request.
oguzhan
principal, resource and action to the client.check function. Then you can call the isAllowed(action) of the result returned to see if the action given is allowed.
Is there some specific part where it is unclear so that I can explain?
Charles Moga
11/14/2023, 1:08 PM