Rego Policies for Notes RBAC/ABAC (+ Unit Tests) #145

@Ikey168

Description

Motivation: Express domain authZ in code: who can read/write which note, tag, or plugin action.

Acceptance Criteria

  • policy/authorization.rego implements at least:
    • notes.read: owner or shared-with role.
    • notes.write: owner or editor.
    • notes.admin: admin role.
    • Tag/graph link rules aligned with domain model.
  • Policy unit tests: allow/deny matrices pass.
  • Documentation: docs/policy/README.md explaining rules & inputs.

Tasks

  • Define input schema (claims, path, method, resource owner, scopes).
  • Implement allow/deny rules + default deny.
  • Add opa test suite with table-driven cases.
  • Wire a simple “policy bundle” build (e.g., make policy-build).

Notes

  • Prefer capability-based checks (scopes/claims) for plugin actions.
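A sketch of the ruleset the acceptance criteria describe, written here as an added example rather than code from the issue or the project: a default-deny policy/authorization.rego with one table-style unit test in the same package. The package name, the input shape (action, subject claims/roles/scopes, resource owner and shares), the reading of "editor" as a share entry carrying that role, and the `import rego.v1` syntax (OPA 0.59 or later) are all assumptions.

```rego
package notes.authz

import rego.v1

# Default deny: a request is allowed only if some rule below grants it.
default allow := false

# Assumed input shape (an assumption for this example, not the issue's schema):
#   input.action   "notes.read" | "notes.write" | "notes.admin" | "plugin.<name>"
#   input.subject  {"id": "alice", "roles": ["admin"], "scopes": ["plugin:export"]}
#   input.resource {"owner": "bob", "shares": {"alice": "viewer"}}
is_owner if input.resource.owner == input.subject.id

# Share role granted to the caller on this note, if any ("viewer" or "editor").
share_role := input.resource.shares[input.subject.id]

# The owner may both read and write their own notes.
allow if {
	input.action in {"notes.read", "notes.write"}
	is_owner
}
# notes.read: anyone the note is explicitly shared with.
allow if {
	input.action == "notes.read"
	share_role in {"viewer", "editor"}
}
# notes.write: a share carrying the editor role.
allow if {
	input.action == "notes.write"
	share_role == "editor"
}
# notes.admin: the admin role only.
allow if {
	input.action == "notes.admin"
	"admin" in input.subject.roles
}
# Plugin actions are capability checks: "plugin.export" needs scope "plugin:export".
allow if {
	startswith(input.action, "plugin.")
	concat(":", split(input.action, ".")) in input.subject.scopes
}

# Unit test in the same package (run with `opa test policy/`): a viewer share reads but not writes.
test_viewer_share_reads_only if {
	req := {"subject": {"id": "alice", "roles": [], "scopes": []},
		"resource": {"owner": "bob", "shares": {"alice": "viewer"}}}
	allow with input as object.union(req, {"action": "notes.read"})
	not allow with input as object.union(req, {"action": "notes.write"})
}
```

Because `share_role` is undefined when the caller has no share entry, every share-based rule silently fails for strangers and the `default allow := false` line is what answers the request.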
