authormo khan <mo@mokhan.ca>2025-04-02 13:32:22 -0600
committermo khan <mo@mokhan.ca>2025-04-02 13:32:22 -0600
commit894e270ab5a15de2b664cc6f4ee6fd8369985f75 (patch)
treed778e426fcd1666dd35d978215434103e78acee8 /pkg/policies/rest.cedar
parent2a37de4a34552feac221771278236fb23f8e83c0 (diff)
refactor: combine cedar policies and add tests
Diffstat (limited to 'pkg/policies/rest.cedar')
-rw-r--r--pkg/policies/rest.cedar51
1 files changed, 11 insertions, 40 deletions
diff --git a/pkg/policies/rest.cedar b/pkg/policies/rest.cedar
index a8896849..c6c4f745 100644
--- a/pkg/policies/rest.cedar
+++ b/pkg/policies/rest.cedar
@@ -1,41 +1,12 @@
permit (
- principal == Subject::"*",
- action == Action::"GET",
- resource in Path::"/projects.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"GET",
- resource in Path::"/*.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"POST",
- resource in Path::"/*.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"PUT",
- resource in Path::"/*.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"PATCH",
- resource in Path::"/*.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"DELETE",
- resource in Path::"/*.json"
-);
-
-permit (
- principal == Subject::"gid://User/1",
- action == Action::"HEAD",
- resource in Path::"/*.json"
-);
+ principal == User::"1",
+ action in [
+ HttpMethod::"GET",
+ HttpMethod::"POST",
+ HttpMethod::"PUT",
+ HttpMethod::"PATCH",
+ HttpMethod::"DELETE",
+ HttpMethod::"HEAD"
+ ],
+ resource
+) when { context.host == "api.example.com" };
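Review bot: The combined permit leaves `resource` unconstrained, so it no longer limits `User::"1"` to the `Path::"/*.json"` scope that each removed per-method policy carried; all six methods are now allowed on any resource whenever `context.host == "api.example.com"`. If that widening is not intended in a commit titled as a refactor, keep a resource scope on the new rule, for example `resource in Path::"/*.json"` or its equivalent in the new entity types, which are not visible in this hunk. The host condition is only as trustworthy as whatever populates `context.host`; if that value is copied from the request's Host header it is client-supplied, so it should be validated before evaluation, which may already happen outside this file. The removed `Subject::"*"` GET rule for `/projects.json` has no replacement here, so unauthenticated reads of that path are denied unless another policy grants them, and a test pinning the intended behaviour would make that explicit.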