Dimitar Danailov
02/16/2024, 10:13 AMconst hasAccess: boolean = await cerbos.isAllowed(request);
// if the booking.status is CONFIRMED -> true
// if the booking.status is AMENDED -> false
The policy rule is:
- actions: ["UPDATE"]
effect: EFFECT_ALLOW
derivedRoles:
- BOOKING_Role1
- BOOKING_Role2
condition:
match:
any:
of:
- expr: request.resource.attr.status == "INITIALIZED"
- expr: request.resource.attr.status == "BOOKED"
- expr: request.resource.attr.status == "PENDING"
- expr: request.resource.attr.status == "CONFIRMED"
- expr: request.resource.attr.status == "AMENDED"
Charith (Cerbos)
BOOKING_Role1
and BOOKING_Role2
)?Dimitar Danailov
02/16/2024, 10:53 AMDimitar Danailov
02/16/2024, 10:54 AMCharith (Cerbos)
--verbose
flag to get the execution trace.Dimitar Danailov
02/16/2024, 11:06 AMCharith (Cerbos)
Dimitar Danailov
02/18/2024, 1:29 PM