add auth functionality

2025-12-08 14:28:07 +00:00
parent 2c0af8e237
commit 44cd64a1db
34 changed files with 3463 additions and 7056 deletions
--- a/policies/privateData_test.yaml
+++ b/policies/privateData_test.yaml
@@ -0,0 +1,40 @@
+# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
+# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
+
+apiVersion: api.cerbos.dev/v1
+resourcePolicy:
+  resource: privateData
+  version: default
+  rules:
+    - actions:
+        - create
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+    - actions:
+        - read
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+        - user
+    - actions:
+        - update
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+    - actions:
+        - delete
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+
+    # This is an example of using conditions for attribute-based access control
+    # The action is only allowed if the principal ID matches the ownerId attribute
+    # - actions: 
+    #    - someAction
+    #   effect: EFFECT_ALLOW
+    #   roles:
+    #     - admin 
+    #   condition:
+    #     match:
+    #       expr: request.resource.attr.ownerId == request.principal.id