[Cedar Doc Issue] is in scope doesn't work

[apexskier]

What were you trying to do?

I want to use the is syntax to constrain a policy to a type of entity.

In the playground, I set a policy:

permit (
    principal is PhotoApp::User,
    action == PhotoApp::Action::"viewPhoto",
    resource == PhotoApp::Photo::"vacationPhoto.jpg"
);

What is wrong and why?

This results in the error:

Unrecognized token `is` found at 23:25 Expected one of "!=", "%", "&&", "(", ")", "*", "+", ",", "-", ".", "/", ":", "::", "<", "<=", "==", ">", ">=", "[", "]", "{", "||", "}", ELSE, HAS, IN, LIKE or THEN

According to

cedar-docs/docs/collections/_policies/syntax-policy.md

Line 118 in da24616

//matches any principal of type User

, this is allowed.

What do we need to do to fix this?

Either fix the source to ensure this is allowed, or update the docs to clarify it's not.

This works in the when body of a policy, but the docs imply strongly to me it works in the scope since it's nested within the #term-policy-scope section.

[apexskier]

https://github.com/cedar-policy/cedar-examples/blob/b3f3d0912678a853001c30e79a5e60e00f2fdb07/tinytodo/policies.cedar#L52 also implies this is supported

[mwhicks1]

Hi apexskier -- The Cedar playground is running an older version of Cedar -- 2.4.3 if I recall correctly. If you try your example using the command-line interface with version 3.0.x it should work.

[mwhicks1]

Closing this issue as it is not a docs issue, but rather a difference between the Cedar playground (running 2.4.3) and the docs version (3.0.1). Added issue #85 to host older versions of docs, especially those on the playground.