fix(unauth): fix contact_point meta, add rules for customer and addre…
…ss and contact_point
Gerald Baulig committed Jul 31, 2024
1 parent 7cbb5e8 commit d624b6a
Showing 5 changed files with 43 additions and 2 deletions.
2 changes: 1 addition & 1 deletion datasets/demo-shop/data/seed-data/addresses.yaml
@@ -20,7 +20,7 @@
value: urn:restorecommerce:acs:model:organization.Organization
attributes:
- id: urn:restorecommerce:acs:names:ownerInstance
value: restorecommerce-demo-shop-organization-000
value: restorecommerce-demo-shop-000-organization
---
id: restorecommerce-demo-customer-000-address-000
postcode: '23456'
2 changes: 1 addition & 1 deletion datasets/demo-shop/data/seed-data/contact_points.yaml
@@ -17,7 +17,7 @@
value: urn:restorecommerce:acs:model:organization.Organization
attributes:
- id: urn:restorecommerce:acs:names:ownerInstance
value: restorecommerce-demo-shop-organization-000
value: restorecommerce-demo-shop-000-organization
---
id: restorecommerce-demo-customer-000-contact-point
physicalAddressId: restorecommerce-demo-customer-000-address-000
6 changes: 6 additions & 0 deletions datasets/demo-shop/data/seed-data/users.yaml
@@ -8,6 +8,12 @@
roleAssociations:
- id: restorecommerce-demo-shops-organization-unauthenticated-r-id
role: unauthenticated-r-id
attributes:
- id: urn:restorecommerce:acs:names:roleScopingEntity
value: urn:restorecommerce:acs:model:user.User
attributes:
- id: urn:restorecommerce:acs:names:roleScopingInstance
value: restorecommerce-demo-unauthenticated-user
- id: restorecommerce-demo-shops-organization-customer-r-id
role: customer-r-id
attributes:
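Review bot: The added `roleScopingInstance` value `restorecommerce-demo-unauthenticated-user` is a hard-coded id that has to equal the id of the user record this association belongs to, and that `id:` line is above the hunk, so the match cannot be checked from here. Every anonymous request presumably shares this one subject, so any resource whose owner is that instance becomes readable without login through `unauthenticated-user-permits-read-owned`. I would record that above the added `attributes:` with a comment such as `# scope = this user's own id; resources owned by it are readable by anonymous callers`. The association id still reads `restorecommerce-demo-shops-organization-unauthenticated-r-id` although the scope is now `user.User`, and the following `customer-r-id` entry continues past the hunk.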
9 changes: 9 additions & 0 deletions datasets/system/data/seed-data/policies.yaml
@@ -15,6 +15,7 @@
- sales-permits-all-hr-scoped
- moderator-permits-all-hr-scoped
- member-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- user-permits-all-owned
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
@@ -66,6 +67,8 @@
rules:
- administrator-permits-all-hr-scoped
- permit-read-strict-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- domainless-unauthenticated-permits-read-system
- fallback-deny-all
meta:
@@ -92,6 +95,7 @@
rules:
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- moderator-permits-all-hr-scoped
- member-permits-read-hr-scoped
- user-permits-all-owned
@@ -122,6 +126,7 @@
rules:
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- fallback-deny-all
@@ -148,6 +153,8 @@
value: urn:restorecommerce:acs:model:currency.Currency
rules:
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- fallback-deny-all
@@ -178,6 +185,7 @@
- moderator-permits-all-hr-scoped
- member-permits-read-hr-scoped
- user-permits-all-owned
- customer-permits-read-owned
- unauthenticated-user-permits-read-owned
- fallback-deny-all
meta:
@@ -334,6 +342,7 @@
rules:
- administrator-permits-all-hr-scoped
- sales-permits-read-hr-scoped
- customer-permits-read-hr-scoped
- permit-read-strict-scoped
- domainless-unauthenticated-permits-read-system
- fallback-deny-all
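Review bot: `customer-permits-read-hr-scoped` is referenced from six rule lists in this file (with `sales-permits-read-hr-scoped` apparently added to two of them), but the rules.yaml section of this commit defines only `customer-permits-read-owned`, so the hr-scoped rule has to exist already outside the shown hunks. If it does not, the reference dangles and, depending on how the access-control service treats an unknown rule id, customers either fall through to `fallback-deny-all` or the seed import fails; worth confirming before merge. The insertion point also differs between lists (after `member-permits-read-hr-scoped` in the first hunk, directly after `sales-permits-read-hr-scoped` in the others), which matters if the policies' combining algorithm is order-sensitive; that setting is not visible in the hunks. A comment above each widened list, e.g. `# customers: hr-scoped read here; owned-only read is customer-permits-read-owned`, would make the intended exposure explicit.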
26 changes: 26 additions & 0 deletions datasets/system/data/seed-data/rules.yaml
@@ -270,6 +270,32 @@
attributes:
- id: urn:restorecommerce:acs:names:ownerInstance
value: system
---
id: customer-permits-read-owned
name: Customer Permits Read Owned
description: Permits read if subject is owner of resource
target:
resources: [ ]
subjects:
- id: urn:restorecommerce:acs:names:role
value: customer-r-id
- id: urn:restorecommerce:acs:names:roleScopingEntity
value: urn:restorecommerce:acs:model:user.User
- id: urn:restorecommerce:acs:names:hierarchicalRoleScoping
value: "false"
actions:
- id: urn:oasis:names:tc:xacml:1.0:action:action-id
value: urn:restorecommerce:acs:names:action:read
effect: PERMIT
evaluationCacheable: false
meta:
modifiedBy: ""
owners:
- id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
value: urn:restorecommerce:acs:model:organization.Organization
attributes:
- id: urn:restorecommerce:acs:names:ownerInstance
value: system
---
id: user-permits-all-owned
name: User Permits All Owned
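Review bot: The new `customer-permits-read-owned` rule has `resources: [ ]`, so the rule itself does not restrict which entity it applies to; its reach is decided entirely by whichever policy lists it, and adding it to another policy later grants customers read there without any change to this rule. The description says "if subject is owner of resource", but the only ownership signal in the rule is `roleScopingEntity` set to `urn:restorecommerce:acs:model:user.User` with `hierarchicalRoleScoping` `"false"`, so it presumably matches only subjects whose `customer-r-id` association is scoped on `user.User`; the users.yaml hunk adds that scope for the unauthenticated role only, and the customer association's attributes are cut off there. I would spell this out in the description, e.g. `description: Permits read on resources owned by the subject's own user.User scope; resource set comes from the enclosing policy`, and confirm the demo customer carries a matching scope. The trailing `user-permits-all-owned` document continues outside the hunk.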
