chore: Fix ACS user read rule so that each user can see only his details
Arun-KumarH committed Jul 31, 2023
1 parent 2d47bc9 commit 9ca3e72
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions demo-shop/data/seed_data/rules.yaml
@@ -29,16 +29,28 @@
subjects:
- id: urn:restorecommerce:acs:names:role
value: user-r-id # NormalUser
- id: urn:restorecommerce:acs:names:roleScopingEntity
value: urn:restorecommerce:acs:model:organization.Organization
actions:
- id: urn:oasis:names:tc:xacml:1.0:action:action-id
value: urn:restorecommerce:acs:names:action:read
resources:
- id: urn:restorecommerce:acs:names:model:entity
value: urn:restorecommerce:acs:model:user.User
condition:
"
const resources = target.resources;
let isUser = false;
let userID;
for (let attribute of resources) {
if (attribute.id == 'urn:restorecommerce:acs:names:model:entity') {
isUser = (attribute.value == 'urn:restorecommerce:acs:model:user.User');
}
if (isUser) {
userID = context.subject.id;
}
}
userID;
"
effect: PERMIT
condition: ""
evaluationCacheable: false
contextQuery:
filters: [ ]
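Review bot: The new condition ends in `userID;`, which is `context.subject.id` for any subject once the target names `user.User`, and nothing in the script compares that id with the user record being read. Limiting each user to their own details therefore depends on the evaluator applying the returned string as an id filter rather than treating it as a truthy PERMIT, which this hunk does not show; if any path evaluates the result as a boolean, the rule would permit reading any user. I would state that contract next to the rule, e.g. `# condition returns the subject id; the caller must apply it as an id filter on the read`, and add a test that a NormalUser requesting another user's record is denied. The loop also dereferences `context.subject.id` without a guard and leaves `userID` set when a later entity attribute is not `user.User`; `if (isUser && context.subject) { userID = context.subject.id; } else { userID = undefined; }` makes both cases fail closed.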