15 lines
324 B
Plaintext
15 lines
324 B
Plaintext
[request_definition]
|
|
r = sub, obj, act
|
|
|
|
[policy_definition]
|
|
p = sub, obj, act
|
|
|
|
[policy_effect]
|
|
e = some(where (p.eft == allow)) # Passes auth if any of the policies allows
|
|
|
|
[role_definition]
|
|
g = _, _
|
|
|
|
[matchers]
|
|
m = g(r.sub, p.sub) && r.sub == p.sub && (keyMatch2(r.obj, p.obj) || keyMatch3(r.obj, p.obj)) && r.act == p.act
|