Ankit Khosla
11/23/2022, 2:16 PM
false inside the node app. But, the same policy when tested in playground is returning true for create action. Owner has full access over manager and store_manager
apiVersion: api.cerbos.dev/v1
principalPolicy:
  version: default
  principal: owner
  rules:
    - resource: manager
      actions:
        - action: "*"
          effect: EFFECT_ALLOW
          condition:
            match:
              expr: R.attr.clientNumber == P.attr.clientNumber
    - resource: store_manager
      actions:
        - action: "*"
          effect: EFFECT_ALLOW
          condition:
            match:
              expr: R.attr.clientNumber == P.attr.clientNumber
Request body:
{
  "principal": {
    "id": "owner",
    "roles": [
      "OWNER"
    ],
    "attr": {
      "clientNumber": 1234
    }
  },
  "resource": {
    "kind": "manager",
    "id": "1",
    "attr": {
      "clientNumber": 1234
    }
  },
  "action": "CREATE"
}
Charith (Cerbos)
11/23/2022, 2:25 PM
Ankit Khosla
11/23/2022, 4:36 PM
Andrew Haines (Cerbos)
11/24/2022, 9:21 AM
attributes rather than attr. So the request body needs to be slightly altered to work with the Node.js app.
true as the response:
{
  "principal": {
    "id": "owner",
    "roles": [
      "OWNER"
    ],
    "attributes": {
      "clientNumber": 1234
    }
  },
  "resource": {
    "kind": "manager",
    "id": "1",
    "attributes": {
      "clientNumber": 1234
    }
  },
  "action": "CREATE"
}
Ankit Khosla
11/24/2022, 10:53 AM
attributes in this example. https://github.com/cerbos/cerbos-sdk-javascript/tree/main/packages/grpc#example-usage
Andrew Haines (Cerbos)
11/24/2022, 10:54 AM