// Policy 1: context-driven allow-list of routes.
// The scope is unconstrained (any principal, any action, any resource), so the
// decision rests entirely on the `when` clause below.
// NOTE(review): because `principal` is unconstrained, this permit applies to
// whatever principal the caller supplies. Confirm that /dashboard/nav,
// /sparkles and POST /sparkles/restore are meant to be authorized without any
// principal check here, or that authentication is enforced elsewhere.
permit (principal, action, resource)
when {
  // `has` guards come first so the attribute reads below cannot raise an
  // evaluation error when a context field is missing.
  context has host && context has method && context has path &&
  (
    // Host allow-list. `like "localhost:*"` matches any host string that
    // begins with "localhost:" (the `*` wildcard matches any characters).
    // NOTE(review): if context.host is taken from the client-supplied Host
    // header, it is not a trust boundary. Confirm the caller populates it from
    // a value validated or normalized by the fronting proxy.
    (context.host == "sparkle.runway.gitlab.net" || context.host == "sparkle.staging.runway.gitlab.net" || context.host like "localhost:*") &&
    (
      // GET routes permitted on every allowed host.
      // Paths are compared by exact string equality.
      // NOTE(review): presumably the caller passes the same normalized path
      // that the router dispatches on (no query string, consistent trailing
      // slash and decoding). Verify against the caller.
      (context.method == "GET" && (context.path == "/" || context.path == "/callback" || context.path == "/dashboard/nav" || context.path == "/health" || context.path == "/signout" || context.path == "/sparkles")) ||
      // The only state-changing route in this policy.
      (context.method == "POST" && (context.path == "/sparkles/restore"))
    )
  )
};

// Policy 2: creating sparkles, staging host only.
// Requires a principal of entity type User, the Action::"POST" action and the
// Resource::"/sparkles" resource. The `when` clause further requires the
// staging host and that the principal carries a `username` attribute. Only the
// attribute's presence is checked, not its value.
// NOTE(review): this policy keys on the action and resource entities, while
// policy 1 keys on context.method and context.path. Confirm the caller
// populates both representations consistently for every request.
// NOTE(review): the staging-only restriction is only as strong as the source
// of context.host (see the host note on policy 1).
permit ( principal is User, action == Action::"POST", resource == Resource::"/sparkles" )
when {
  context has host && context.host == "sparkle.staging.runway.gitlab.net" && principal has username
};