Avoid using `Cedar` prefixes for anything, only those classes where the clarity is worth the cost TODO: Create Entities type with factory from List TODO: Move CedarEngine to core and improve interface for policy/entity management
Showing
65 changed files
with
2,172 additions
and
3,003 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
import 'package:cedar/cedar.dart'; | ||
|
||
void main() { | ||
const policies = ''' | ||
// Policy 0: Any User can create a list and see what lists they own | ||
permit ( | ||
principal, | ||
action in [Action::"CreateList", Action::"GetLists"], | ||
resource == Application::"TinyTodo" | ||
); | ||
// Policy 1: A User can perform any action on a List they own | ||
permit (principal, action, resource) | ||
when { resource has owner && resource.owner == principal }; | ||
'''; | ||
final policySet = PolicySet.parse(policies); | ||
|
||
final app = Entity( | ||
uid: EntityUid.of('Application', 'TinyTodo'), | ||
); | ||
final user = Entity( | ||
uid: EntityUid.of('User', 'alice'), | ||
parents: [app.uid], | ||
attributes: { | ||
'name': Value.string('Alice'), | ||
}, | ||
); | ||
final canCreateTodo = policySet.isAuthorized( | ||
AuthorizationRequest( | ||
principal: user.uid, | ||
action: EntityUid.of('Action', 'CreateList'), | ||
resource: app.uid, | ||
entities: {app.uid: app, user.uid: user}, | ||
), | ||
); | ||
switch (canCreateTodo) { | ||
case AuthorizationResponse(decision: Decision.allow): | ||
print('Alice can create the todo list!'); | ||
case AuthorizationResponse( | ||
:final errorMessages, | ||
:final reasons, | ||
): | ||
print('Alice cannot create the todo list'); | ||
print('Contributing policies: $reasons'); | ||
print('Error messages: $errorMessages'); | ||
} | ||
} |
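Review bot: The allow branch, `case AuthorizationResponse(decision: Decision.allow):`, drops `errorMessages`, so the example teaches callers to treat any allow as clean. Cedar skips a policy whose evaluation errors, so an allow can be returned alongside a non-empty error list, for instance when a policy that would have denied the request failed to evaluate. Assuming this binding reports errors the same way and `errorMessages` is a collection, I would bind it in that branch too, `case AuthorizationResponse(decision: Decision.allow, :final errorMessages):`, and add `if (errorMessages.isNotEmpty) print('Error messages: $errorMessages');` before the success message. A short comment on the second case saying that it covers every non-allow outcome, not only an explicit deny, would also help readers who copy this pattern.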