-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoso_local_auth_docs.yml
28 lines (25 loc) · 1.06 KB
/
oso_local_auth_docs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Local auth configuration for the document management service.
#
# Each service should has its own local auth configuration file, which should be
# provided to the user-specific Oso client.
facts:
# Correlates `actor User` to `resource Document` roles.
has_role(User:_, String:_, Document:_):
query: >
SELECT username, role::TEXT, document_id FROM document_user_roles
# Provides the `belongs_to` relationship between `resource Document` and
# `resource Organization`.
has_relation(Document:_, belongs_to, Organization:_):
query: SELECT id, org FROM documents
# Expresses the public attribute of `resource Document`s.
is_public(Document:_):
query: SELECT id FROM documents WHERE public
sql_types:
User: TEXT
Organization: TEXT
Document: NUMERIC
# For more details about how this interacts with other components of the system,
# see:
# - env_template_db_init.sql for the application's SQL schema
# - oso_local_auth_*.yml for services' local authorization config
# - oso_policy.polar for this application's Polar policy, for use in Oso Cloud