guard/internal/usecase/rule.rego

package rbac

import rego.v1

request = {
	"roles": input.roles,
	"path": input.path,
	"method": input.method,
    "policies": input.policies,
}

default allow = false

key_match(request_path, policy_path) if {
	regex.match(policy_path, request_path)
}

# 方法函數的驗證
method_match(request_method, policy_methods) if {
	policy_methods[_] == request_method
}

# 檢驗是不是匹配或繼承
valid_role(user_role, policy_role) if {
	user_role[_] == policy_role
}

# 定義一個策略
allow if {
	policy := input.policies[_]
	key_match(input.path, policy.path)
	valid_role(input.roles, policy.role)
	method_match(input.method, policy.methods)
}
fix: update route to need login 2024-08-15 08:16:48 +00:00			`package rbac`

			`import rego.v1`

			`request = {`
			`"roles": input.roles,`
			`"path": input.path,`
			`"method": input.method,`
			`"policies": input.policies,`
			`}`

			`default allow = false`

			`key_match(request_path, policy_path) if {`
			`regex.match(policy_path, request_path)`
			`}`

			`# 方法函數的驗證`
			`method_match(request_method, policy_methods) if {`
			`policy_methods[_] == request_method`
			`}`

			`# 檢驗是不是匹配或繼承`
			`valid_role(user_role, policy_role) if {`
			`user_role[_] == policy_role`
			`}`

			`# 定義一個策略`
			`allow if {`
			`policy := input.policies[_]`
			`key_match(input.path, policy.path)`
			`valid_role(input.roles, policy.role)`
			`method_match(input.method, policy.methods)`
			`}`