Charles Moga
11/14/2023, 11:12 AM
I am trying to work out this snippet and adapt it for our use case:
// Imports assumed from the Cerbos Java SDK builder names used below; `client` is an already-constructed CerbosBlockingClient
import dev.cerbos.sdk.CheckResult;
import dev.cerbos.sdk.builders.Principal;
import dev.cerbos.sdk.builders.Resource;
import static dev.cerbos.sdk.builders.AttributeValue.stringValue;

CheckResult result = client.check(
    // the principal (who is asking), with role and attributes the policy can match on
    Principal.newInstance("john", "employee")
        .withPolicyVersion("20210210")
        .withAttribute("department", stringValue("marketing"))
        .withAttribute("geography", stringValue("GB")),
    // the resource (what is being accessed), with its own attributes
    Resource.newInstance("leave_request", "xx125")
        .withPolicyVersion("20210210")
        .withAttribute("department", stringValue("marketing"))
        .withAttribute("geography", stringValue("GB"))
        .withAttribute("owner", stringValue("john")),
    // the actions to evaluate in this single check
    "view:public", "approve");

if (result.isAllowed("approve")) { // returns true if `approve` action is allowed
    ...
}
Our use case is a REST API with post, get, update and delete, and I have mapped them against resources.
For example, we have "admin" with the following access:
resource | create | read | update | delete
---------|--------|------|--------|-------
user     | true   | true | true   | true
payment  | false  | true | false  | false
Now when a request hits '/user', we have an interceptor that takes "user" as the resource, the action (post, get, update, or delete), and a JWT that contains user data including the role, which is admin.
And I am trying to figure out how I can adapt the code above to authorize/deny a request.
oguzhan
principal, resource and action to the client.check function. Then you can call the isAllowed(action) of the result returned to see if the action given is allowed.
Is there a specific part that is unclear, so that I can explain?
Charles Moga
11/14/2023, 1:08 PM