authorization.polar
# Top-level entry rule: a request is allowed only when has_permission holds
# for the same (actor, action, resource) triple. No other allow rule is
# visible in this file, so every grant has to come from the resource blocks
# below.
allow(actor, action, resource) if
    has_permission(actor, action, resource);
# Declares Users as the actor type. The empty block attaches no roles,
# permissions or relations to the actor itself.
actor Users {}
# Station resource.
# Roles form a chain: admin implies metadata, metadata implies operator,
# operator implies rainfall. Each permission is granted to one role and
# reaches the roles above it through that chain.
resource Stations {
    roles = ["admin", "metadata", "operator", "rainfall"];
    permissions = [
        "read_observation",
        "list_observation",
        "create_observation",
    ];

    # Permission grants; the trailing comment lists the effective holders
    # once the role implications below are applied.
    # NOTE(review): "rainfall" can read an observation but cannot list them;
    # confirm that asymmetry is intended.
    "read_observation" if "rainfall";    # rainfall, operator, metadata, admin
    "list_observation" if "operator";    # operator, metadata, admin
    "create_observation" if "metadata";  # metadata, admin

    # Role implications: the role on the right also holds the role on the left.
    "rainfall" if "operator";
    "operator" if "metadata";
    "metadata" if "admin";
}
# Role lookup for stations: a user holds role `role_name` on a station when
# user.station_roles contains an entry whose `name` field equals that role and
# whose `station_id` field equals station.id.
# NOTE(review): the decision rests entirely on the contents of
# user.station_roles; presumably the host application loads it from a
# server-side store rather than from request data -- confirm.
has_role(user: Users, role_name: String, station: Stations) if
    assignment in user.station_roles and
    assignment matches { name: role_name, station_id: station.id };
# Observation resource. Each observation is tied to a station through the
# "parent" relation, and every role and permission declared here is derived,
# directly or indirectly, from the "admin" role on that parent station.
resource Observations {
    roles = ["reader", "writer" ];
    permissions = [
        "read_observation",
        "list_observation",
        "create_observation",
        "delete_observation",
        "update_observation"
    ];
    relations = { parent: Stations };

    # reader: read and list. writer: create, and also counts as reader.
    "read_observation" if "reader";
    "list_observation" if "reader";
    "create_observation" if "writer";
    "reader" if "writer";

    # Station admins become writers. Delete and update are granted to station
    # admins directly and are not part of the "writer" role.
    "writer" if "admin" on "parent";
    "delete_observation" if "admin" on "parent";
    "update_observation" if "admin" on "parent";

    # NOTE(review): nothing in this file maps the station roles "metadata",
    # "operator" or "rainfall" to "reader" or "writer", and the only has_role
    # rule visible here is specialized on Stations. As written, only an admin
    # of the parent station obtains any permission on an Observations
    # resource. Confirm this is intended, or that observation access for the
    # other station roles is always checked against the Stations resource.
}
# Supplies the "parent" relation used by the Observations block: the parent of
# an observation is whatever observation.source_station unifies with.
# NOTE(review): source_station is compared with the station itself, so it is
# presumably a Stations instance rather than an id -- confirm against the
# host application's model, since a type mismatch would make the relation
# never hold and silently deny every observation request.
has_relation(station: Stations, "parent", observation: Observations) if observation.source_station = station;