diff --git a/datasets/system/data/seed-data/policies.yaml b/datasets/system/data/seed-data/policies.yaml
index 86adc1a..a9e8bc9 100644
--- a/datasets/system/data/seed-data/policies.yaml
+++ b/datasets/system/data/seed-data/policies.yaml
@@ -1,3 +1,23 @@
+---
+ id: fallback-deny-policy
+ name: Fallback Deny Policy
+ description: Fallback to deny if no other fits
+ evaluationCacheable: false
+ effect: DENY
+ target:
+ actions: [ ]
+ subjects: [ ]
+ resources: [ ]
+ rules:
+ - fallback-deny-all
+ meta:
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:organization.Organization
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: system
+ combiningAlgorithm: urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides
---
id: address-policy
name: Address Policy
@@ -19,9 +39,7 @@
- user-permits-all-owned
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -44,7 +62,6 @@
rules:
- fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -70,9 +87,7 @@
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -101,9 +116,7 @@
- user-permits-all-owned
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
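Review bot: With the `fallback-deny-all` rule dropped from every policy in this and the following hunks, default-deny now rests entirely on the new `fallback-deny-policy` (empty `actions`/`subjects`/`resources` target, single `DENY` rule) being listed in every policy set, and on the set-level `combiningAlgorithm`, which the policy_sets.yaml hunk does not show: under deny-overrides this policy would deny every request, and under first-applicable it only works while it stays last in the list. The hunk `@@ -44,7 +62,6 @@` still keeps its `- fallback-deny-all` rule while every other policy loses it; either it was missed or the reason belongs next to it. I would add above the new policy `# Catch-all DENY: every policy set must list this policy, and it only acts as a fallback under a permit-overrides (or last-position first-applicable) set algorithm`. As a style point, empty flow sequences are written `[ ]` throughout where `[]` is the usual form.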
@@ -129,9 +142,7 @@
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -157,9 +168,7 @@
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -187,9 +196,7 @@
- user-permits-all-owned
- customer-permits-read-owned
- unauthenticated-user-permits-read-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -211,9 +218,7 @@
value: urn:restorecommerce:acs:model:credential.Credental
rules:
- user-permits-all-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -237,9 +242,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -263,9 +266,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -290,9 +291,7 @@
- sales-permits-all-hr-scoped
- moderator-permits-read-hr-scoped
- user-permits-read-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -317,9 +316,7 @@
- sales-permits-all-hr-scoped
- moderator-permits-read-hr-scoped
- user-permits-read-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -345,9 +342,7 @@
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -371,9 +366,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -400,9 +393,7 @@
- sales-permits-all-hr-scoped
- moderator-permits-all-hr-scoped
- user-permits-read-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -428,9 +419,29 @@
- administrator-permits-all-hr-scoped
- sales-requires-order-state-submitted
- user-requires-order-state-pending
- - fallback-deny-all
meta:
- modifiedBy: ""
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:organization.Organization
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: system
+ combiningAlgorithm: urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides
+---
+ id: order-evaluate-policy
+ name: Order Evaluate Policy
+ description: Policy for operation Evaluate Orders
+ evaluationCacheable: false
+ effect: PERMIT
+ target:
+ actions: [ ]
+ subjects: [ ]
+ resources:
+ - id: urn:restorecommerce:acs:names:operation
+ value: execution.evaluateOrders
+ rules:
+ - everyone-permits-all
+ meta:
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -453,9 +464,7 @@
rules:
- administrator-permits-all-hr-scoped
- customer-requires-order-state-pending
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -481,7 +490,6 @@
- moderator-requires-order-state-submitted
- customer-requires-order-state-submitted
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -506,7 +514,6 @@
- sales-requires-order-state-submitted
- sales-requires-order-state-withdrawn
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
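Review bot: The new `order-evaluate-policy` grants the `execution.evaluateOrders` operation through `everyone-permits-all` with an empty `subjects` target, so no role, ownership or authentication condition applies to it, unlike the neighbouring order policies that are scoped by `administrator-permits-all-hr-scoped` and the `*-requires-order-state-*` rules. If any caller, including an unauthenticated one, is meant to run this operation, the `description` should say so and why it is safe; otherwise the rule reference should be one of the role-scoped rules the other order policies use, e.g. `- administrator-permits-all-hr-scoped` in place of `- everyone-permits-all`. If the open form is intended I would add `# deliberately unrestricted: evaluateOrders is assumed side-effect free — confirm` above `rules:`. The rule itself is introduced in the rules.yaml hunk `@@ -9,7 +9,23 @@` as an unconditional PERMIT with no target at all, so any policy that later references it becomes fully open; the same caveat belongs on the rule's `description`. The remainder of this policy's `meta` (attributes, `combiningAlgorithm`) is outside the hunk.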
@@ -536,9 +543,7 @@
- customer-permits-read-hr-scoped
- user-permits-all-owned
- permit-read-strict-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -565,9 +570,7 @@
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- user-permits-all-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -593,9 +596,7 @@
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -620,9 +621,7 @@
- sales-permits-read-hr-scoped
- moderator-permits-read-hr-scoped
- user-permits-read-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -646,9 +645,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -672,9 +669,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -698,9 +693,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -724,9 +717,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -748,9 +739,7 @@
value: urn:restorecommerce:acs:model:role.Role
rules:
- everyone-permits-read
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -774,9 +763,7 @@
- administrator-permits-all-hr-scoped
- sales-permits-all-hr-scoped
- customer-permits-read-hr-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -800,9 +787,7 @@
- administrator-permits-all-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -827,9 +812,7 @@
- sales-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -854,9 +837,7 @@
- sales-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -878,9 +859,7 @@
value: urn:restorecommerce:acs:model:token.Token
rules:
- user-permits-all-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -905,9 +884,7 @@
- sales-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -935,9 +912,7 @@
- user-permits-read-owned
- user-permits-update-owned
- unauthenticated-user-permits-create-strict-scoped
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -967,9 +942,7 @@
- domainless-unauthenticated-permits-update
- unauthenticated-user-permits-update-hr-scoped
- user-permits-update-user-owned
- - fallback-deny-all
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
diff --git a/datasets/system/data/seed-data/policy_sets.yaml b/datasets/system/data/seed-data/policy_sets.yaml
index dec3f59..08875cf 100644
--- a/datasets/system/data/seed-data/policy_sets.yaml
+++ b/datasets/system/data/seed-data/policy_sets.yaml
@@ -24,6 +24,7 @@
- manufacturer-policy
- order-read-policy
- order-modify-policy
+ - order-evaluate-policy
- order-submit-policy
- order-withdraw-policy
- order-cancel-policy
@@ -44,6 +45,7 @@
- unit-code-policy
- user-policy
- user-credentials-reset-policy
+ - fallback-deny-policy
meta:
modifiedBy: ""
owners:
diff --git a/datasets/system/data/seed-data/rules.yaml b/datasets/system/data/seed-data/rules.yaml
index 19adb33..16f0219 100644
--- a/datasets/system/data/seed-data/rules.yaml
+++ b/datasets/system/data/seed-data/rules.yaml
@@ -9,7 +9,23 @@
resources: [ ]
evaluationCacheable: false
meta:
- modifiedBy: ""
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:organization.Organization
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: system
+---
+ id: everyone-permits-all
+ name: Everyone Permits All
+ description: Permits all to everyone
+ effect: PERMIT
+ target:
+ subjects: [ ]
+ resources: [ ]
+ actions: [ ]
+ evaluationCacheable: false
+ meta:
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -29,7 +45,6 @@
value: urn:restorecommerce:acs:names:action:read
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -51,7 +66,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -75,7 +89,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -97,7 +110,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
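Review bot: The policy_sets.yaml hunk still carries `modifiedBy: ""` under `meta:` as a context line, while every policy and rule document touched by this commit drops that key, so the three seed files no longer agree on the `meta` schema. If an empty `modifiedBy` is no longer wanted, it should be removed here as well; if policy sets keep it on purpose, a comment such as `# modifiedBy kept for policy sets: <reason>` above it would stop the next reader from treating it as an oversight. The id and `combiningAlgorithm` of this policy set are outside the hunk, so whether appending `fallback-deny-policy` last is order-sensitive cannot be checked from here.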
@@ -121,7 +133,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -143,7 +154,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -167,7 +177,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -191,7 +200,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -215,7 +223,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -239,7 +246,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -263,7 +269,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -289,7 +294,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -313,7 +317,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -339,7 +342,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -365,7 +367,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -389,7 +390,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -415,7 +415,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -441,7 +440,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -465,7 +463,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -489,7 +486,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -512,7 +508,6 @@
condition: "{ filters: [ { field: 'meta.owners[*].attributes[0].value', operation: 'in', value: 'system' } ] }"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -534,7 +529,6 @@
effect: PERMIT
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -564,7 +558,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -594,7 +587,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -624,7 +616,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -654,7 +645,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -684,7 +674,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -714,7 +703,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -745,7 +733,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -776,7 +763,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
@@ -806,7 +792,6 @@
"
evaluationCacheable: false
meta:
- modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
diff --git a/package-lock.json b/package-lock.json
index ac3a260..379f483 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "@restorecommerce/datasets",
- "version": "0.1.4",
+ "version": "0.1.6",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "@restorecommerce/datasets",
- "version": "0.1.4",
+ "version": "0.1.6",
"license": "MIT",
"workspaces": [
"datasets/**"