Merge branch 'main' into khieta/oopsla-upgrade

cedar-example-use-cases/document_cloud/policies.cedar

@@ -115,4 +115,4 @@ when
   principal != resource.owner &&
   resource has isPrivate &&
   resource.isPrivate
-};
+};

cedar-example-use-cases/hotel_chains/static/policies.cedar

@@ -1,81 +1,99 @@
 // ==========================================
 // Policies for particular property resource types
-permit(
-  principal, 
+permit (
+  principal,
   action in [Action::"viewReservation"],
-  resource)
-when {
-   resource in principal.viewPermissions.hotelReservations ||
-   resource in principal.viewPermissions.propertyReservations
+  resource
+)
+when
+{
+  resource in principal.viewPermissions.hotelReservations ||
+  resource in principal.viewPermissions.propertyReservations
 };
-// ... three similar policies but for Inventory, PaymentDetails, Rates
 
-permit(
-  principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation"],
-  resource)
-when {
+// ... three similar policies but for Inventory, PaymentDetails, Rates
+permit (
+  principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation"],
+  resource
+)
+when
+{
   resource in principal.memberPermissions.hotelReservations ||
   resource in principal.memberPermissions.propertyReservations
 };
-// ... three similar policies but for Inventory, PaymentDetails, Rates
 
-permit(
-  principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation",
-             Action::"grantAccessReservation"
-             // ... other actions for all resource types
-             ],             
-  resource)
-when {
+// ... three similar policies but for Inventory, PaymentDetails, Rates
+permit (
+  principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation",
+     Action::"grantAccessReservation"
+    // ... other actions for all resource types
+    ],
+  resource
+)
+when
+{
   resource in principal.hotelAdminPermissions ||
   resource in principal.propertyAdminPermissions
 };
 
 // ==========================================
 // Policies for properties and hotels
-permit(
-  principal, 
-  action in [Action::"viewProperty",
-             Action::"viewHotel"],
-  resource)
-when {
+permit (
+  principal,
+  action in [Action::"viewProperty", Action::"viewHotel"],
+  resource
+)
+when
+{
   resource in principal.viewPermissions.hotelReservations ||
-  resource is Property && resource in principal.viewPermissions.propertyReservations
+  resource is Property &&
+  resource in principal.viewPermissions.propertyReservations
 // || resource in principal.viewPermissions.inventory ... for other resource types
 };
 
-permit(
-  principal, 
-  action in [Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel"],
-  resource)
-when {
+permit (
+  principal,
+  action in
+    [Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel"],
+  resource
+)
+when
+{
   resource in principal.memberPermissions.hotelReservations ||
-  resource is Property && resource in principal.memberPermissions.propertyReservations
+  resource is Property &&
+  resource in principal.memberPermissions.propertyReservations
 // || resource in principal.memberPermissions.inventory ... for other resource types
 };
 
-permit(
+permit (
   principal,
-  action in [Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"grantAccessProperty",
-             Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"grantAccessHotel"],
-  resource)
-when {
+  action in
+    [Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"grantAccessProperty",
+     Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"grantAccessHotel"],
+  resource
+)
+when
+{
   resource in principal.hotelAdminPermissions ||
-  resource is Property && resource in principal.propertyAdminPermissions
-};
+  resource is Property &&
+  resource in principal.propertyAdminPermissions
+};

cedar-example-use-cases/hotel_chains/templated/policies.cedar

@@ -1,53 +1,62 @@
 @id("ViewReservation")
-permit(
+permit (
   principal == ?principal,
   action in [Action::"viewReservation"],
-  resource in ?resource);
-
+  resource in ?resource
+);
+
 @id("MemberReservation")
-permit(
-  principal == ?principal, 
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation"],
-  resource in ?resource);
+permit (
+  principal == ?principal,
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation"],
+  resource in ?resource
+);
 
 @id("AdminReservation")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewReservation",
-             Action::"updateReservation",
-             Action::"createReservation",
-             Action::"grantAccessReservation"],
-  resource in ?resource);
+  action in
+    [Action::"viewReservation",
+     Action::"updateReservation",
+     Action::"createReservation",
+     Action::"grantAccessReservation"],
+  resource in ?resource
+);
 
 @id("ViewPropertyOrHotel")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewHotel",
-             Action::"viewProperty"],
-  resource in ?resource);
-  
+  action in [Action::"viewHotel", Action::"viewProperty"],
+  resource in ?resource
+);
+
 @id("MemberPropertyOrHotel")
-permit(
-  principal == ?principal, 
-  action in [Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty"],
-  resource in ?resource);
+permit (
+  principal == ?principal,
+  action in
+    [Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty"],
+  resource in ?resource
+);
 
 @id("AdminPropertyOrHotel")
-permit(
+permit (
   principal == ?principal,
-  action in [Action::"viewHotel",
-             Action::"updateHotel",
-             Action::"createHotel",
-             Action::"grantAccessHotel",
-             Action::"viewProperty",
-             Action::"updateProperty",
-             Action::"createProperty",
-             Action::"grantAccessProperty"],
-  resource in ?resource);
+  action in
+    [Action::"viewHotel",
+     Action::"updateHotel",
+     Action::"createHotel",
+     Action::"grantAccessHotel",
+     Action::"viewProperty",
+     Action::"updateProperty",
+     Action::"createProperty",
+     Action::"grantAccessProperty"],
+  resource in ?resource
+);

cedar-example-use-cases/run.sh

@@ -30,24 +30,24 @@ format "tax_preprarer" "policies.cedar"
 echo -e "\nTesting Sales Orgs (static)..."
 validate "sales_orgs/static" "policies.cedar" "policies.cedarschema"
 authorize "sales_orgs/static" "policies.cedar" "entities.json" "policies.cedarschema"
-#format "sales_orgs/static" "policies.cedar"
+format "sales_orgs/static" "policies.cedar"
 
 # Sales org templated
 echo -e "\nTesting Sales Orgs (templated)..."
 validate "sales_orgs/templated" "policies.cedar" "policies.cedarschema" "linked"
 authorize "sales_orgs/templated" "policies.cedar" "entities.json" "policies.cedarschema" "linked"
-#format "sales_orgs/templated" "policies.cedar"
+format "sales_orgs/templated" "policies.cedar"
 
 # Hotel chains static
 echo -e "\nTesting Hotels (static)..."
 validate "hotel_chains/static" "policies.cedar" "policies.cedarschema"
 authorize "hotel_chains/static" "policies.cedar" "entities.json" "policies.cedarschema"
-#format "hotel_chains/static" "policies.cedar"
+format "hotel_chains/static" "policies.cedar"
 
 # Hotel chains templated
 echo -e "\nTesting Hotels (templated)..."
 validate "hotel_chains/templated" "policies.cedar" "policies.cedarschema" "linked"
 authorize "hotel_chains/templated" "policies.cedar" "entities.json" "policies.cedarschema" "linked"
-#format "hotel_chains/static" "policies.cedar"
+format "hotel_chains/templated" "policies.cedar"
 
 exit "$any_failed"