Issue #52 Update to 0.7 IDQL

Signed-off-by: Phil Hunt <[email protected]>
hexa-org · Sep 11, 2024 · 70fea7e · 70fea7e
1 parent 3e79e4c
commit 70fea7e
Show file tree

Hide file tree

Showing 16 changed files with 653 additions and 1,106 deletions.
diff --git a/cmd/hexaAuthZen/resources/data.json b/cmd/hexaAuthZen/resources/data.json
@@ -3,101 +3,81 @@
     {
       "meta": {
         "policyId": "GetUsers",
-        "version": "0.6",
+        "version": "0.7",
         "description": "Get information (e.g. email, picture) associated with a user"
       },
-      "subject": {
-        "members": ["anyAuthenticated"]
-      },
+      "subjects": [
+        "anyAuthenticated"
+      ],
       "actions": [
-        {
-          "actionUri": "can_read_user"
-        }
+        "can_read_user"
       ],
-      "object": {
-        "resource_id": "todo"
-      }
+      "object": "todo"
     },
     {
       "meta": {
         "policyId": "GetTodos",
-        "version": "0.6",
-
+        "version": "0.7",
         "description": "Get the list of todos. Always returns true for every user??"
       },
-      "subject": {
-        "members": ["anyAuthenticated"]
-      },
+      "subjects": [
+        "anyAuthenticated"
+      ],
       "actions": [
-        {
-          "actionUri": "can_read_todos"
-        }
+        "can_read_todos"
       ],
-      "object": {
-        "resource_id": "todo"
-      }
+      "object": "todo"
     },
     {
       "meta": {
-        "version": "0.6",
+        "version": "0.7",
         "description": "Create a new Todo",
         "policyId": "PostTodo"
       },
-      "subject": {
-        "members": ["role:admin","role:editor"]
-      },
+      "subjects": [
+        "role:admin",
+        "role:editor"
+      ],
       "actions": [
-        {
-          "actionUri": "can_create_todo"
-        }
+        "can_create_todo"
       ],
-      "object": {
-        "resource_id": "todo"
-      }
+      "object": "todo"
     },
     {
       "meta": {
-        "version": "0.6",
+        "version": "0.7",
         "description": "Edit(complete) a todo.",
         "policyId": "PutTodo"
       },
-      "subject": {
-        "members": ["anyAuthenticated"]
-      },
+      "subjects": [
+        "anyAuthenticated"
+      ],
       "actions": [
-        {
-          "actionUri": "can_update_todo"
-        }
+        "can_update_todo"
       ],
       "condition": {
         "rule": "subject.roles co evil_genius or resource.ownerID eq subject.claims.email",
         "action": "allow"
       },
-      "object": {
-        "resource_id": "todo"
-      }
+      "object": "todo"
     },
     {
       "meta": {
-        "version": "0.6",
+        "version": "0.7",
         "description": "Delete a todo if admin or owner of todo",
         "policyId": "DeleteTodo"
       },
-      "subject": {
-        "members": ["anyAuthenticated"]
-      },
+      "subjects": [
+        "anyAuthenticated"
+      ],
       "actions": [
-        {
-          "actionUri": "can_delete_todo"
-        }
+        "can_delete_todo"
       ],
       "condition": {
         "rule": "subject.roles co admin or resource.ownerID eq subject.claims.email",
         "action": "allow"
       },
-      "object": {
-        "resource_id": "todo"
-      }
+      "object": "todo"
     }
   ]
 }