# help

Charles Moga

11/14/2023, 11:12 AM
I am trying to work out this snippet and adapt it for our use case:

```java
import dev.cerbos.sdk.CerbosBlockingClient;
import dev.cerbos.sdk.CheckResult;
import dev.cerbos.sdk.builders.Principal;
import dev.cerbos.sdk.builders.Resource;
import static dev.cerbos.sdk.builders.AttributeValue.stringValue;

// `client` is a CerbosBlockingClient connected to the PDP, built elsewhere.
CheckResult result = client.check(
    Principal.newInstance("john", "employee")            // principal id and role
        .withPolicyVersion("20210210")
        .withAttribute("department", stringValue("marketing"))
        .withAttribute("geography", stringValue("GB")),
    Resource.newInstance("leave_request", "xx125")       // resource kind and id
        .withPolicyVersion("20210210")
        .withAttribute("department", stringValue("marketing"))
        .withAttribute("geography", stringValue("GB"))
        .withAttribute("owner", stringValue("john")),
    "view:public", "approve");                           // actions to check

if (result.isAllowed("approve")) { // returns true if `approve` action is allowed
    // ...
}
```

Our use case is a REST API with post, get, update and delete, and I have mapped those against resources.
For example, we have "admin" with the following access:

| resource | create | read | update | delete |
|----------|--------|------|--------|--------|
| user     | true   | true | true   | true   |
| payment  | false  | true | false  | false  |


Now when a request hits '/user', we have an interceptor that takes "user" as the resource, the action (post, get, update, or delete), and a JWT that contains user data including the role, which is admin.
And I am trying to figure out how I can adapt the code above to authorize/deny a request.

oguzhan

11/14/2023, 11:42 AM
Hi @Charles Moga, what you've described is how it is usually done. In the interceptor, you need to build and provide the `principal`, `resource` and `action` to the `client.check` function. Then you can call `isAllowed(action)` on the `result` returned to see if the action given is allowed. Is there some specific part where it is unclear so that I can explain?

Charles Moga

11/14/2023, 1:08 PM
Thank you. I am finishing updating our interceptor and will give it a go.