-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* use logging datastore for sql in validate * upgrade to go 1.20 * fix otlp schema url * adjust go version in gh-actions * upgrade linter * upgrade to go 1.21 * replace exp/slices with slices from stdlib
- Loading branch information
1 parent
a25eb8a
commit 272638a
Showing
18 changed files
with
629 additions
and
1,280 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,85 +1,85 @@ | ||
package applications.mongo | ||
|
||
verify = true { | ||
input.path == ["api", "mongo", "apps", "1"] | ||
verify { | ||
input.path == ["api", "mongo", "apps", "1"] | ||
} | ||
|
||
verify = true { | ||
some user | ||
verify { | ||
some user | ||
|
||
data.mongo.users[user].name == input.user | ||
user.password = input.password | ||
data.mongo.users[user].name == input.user | ||
user.password = input.password | ||
} | ||
|
||
# Deny all by default | ||
allow = false | ||
allow := false | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# Users with right 'OWNER' on app can access it always | ||
allow = true { | ||
some appId, app, right, user | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", appId] | ||
allow { | ||
some app_id, app, right, user | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", app_id] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].id == appId | ||
# This query fires against collection -> apps | ||
data.mongo.apps[app].id == app_id | ||
|
||
# Nest elements | ||
data.mongo.rights[right].right == "OWNER" | ||
data.mongo.users[user].name == input.user | ||
# Nest elements | ||
data.mongo.rights[right].right == "OWNER" | ||
data.mongo.users[user].name == input.user | ||
|
||
# Query root | ||
app.stars > 2 | ||
# Query root | ||
app.stars > 2 | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# All apps with 5 stars are public | ||
allow = true { | ||
some app, appId | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", appId] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].stars == 5 | ||
app.id == appId | ||
allow { | ||
some app, app_id | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", app_id] | ||
|
||
# This query fires against collection -> apps | ||
data.mongo.apps[app].stars == 5 | ||
app.id == app_id | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# The first app is public | ||
allow = true { | ||
input.method == "GET" | ||
input.path == ["api", "mongo", "apps", "1"] | ||
allow { | ||
input.method == "GET" | ||
input.path == ["api", "mongo", "apps", "1"] | ||
} | ||
|
||
# Path: GET <any> | ||
# All users that are a friends of Kevin are allowed see everything | ||
allow = true { | ||
some user | ||
input.method == "GET" | ||
allow { | ||
some user | ||
input.method == "GET" | ||
|
||
# This query fires against collection -> users | ||
data.mongo.users[user].name == input.user | ||
old_or_kevin(user.age, user.friend) | ||
# This query fires against collection -> users | ||
data.mongo.users[user].name == input.user | ||
old_or_kevin(user.age, user.friend) | ||
} | ||
|
||
# Path: GET /api/mongo/apps/:app_id | ||
# Test for count function | ||
allow = true { | ||
some app | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", "4"] | ||
allow { | ||
some app | ||
input.method == "GET" | ||
input.path = ["api", "mongo", "apps", "4"] | ||
|
||
# Get all apps with 5 starts | ||
data.mongo.apps[app].stars > 4 | ||
# Get all apps with 5 starts | ||
data.mongo.apps[app].stars > 4 | ||
|
||
#If there is any one return true | ||
count(app) > 0 | ||
# If there is any one return true | ||
count(app) > 0 | ||
} | ||
|
||
old_or_kevin(age, friend) { | ||
age == 42 | ||
age == 42 | ||
} | ||
|
||
old_or_kevin(age, friend) { | ||
friend == "Kevin" | ||
friend == "Kevin" | ||
} |
Oops, something went wrong.