Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Registry OPA parser: Negation support #2970

Closed
t83714 opened this issue Sep 14, 2020 · 2 comments
Closed

Registry OPA parser: Negation support #2970

t83714 opened this issue Sep 14, 2020 · 2 comments
Labels
feature request priority: low
Milestone
Next (v2.0.0)

Comments

@t83714
Copy link
Contributor

t83714 commented Sep 14, 2020
edited
Loading

Is your feature request related to a problem? Please describe.

Policy:

package object.registry.record.qld_digital_twin

import data.object.registry.record.has_permission
import data.object.registry.record.esri_groups
import data.object.registry.record.esri_owner
import data.object.registry.record.esri_public
import data.object.registry.record.admin_role
import data.object.registry.record.dt_privilege_role

read {
    admin_role
}

read {
    has_permission.read
    esri_groups
}

read {
    has_permission.read
    esri_owner
}

read {
    has_permission.read
    dt_privilege_role
}

read {
    esri_public
}

read {
    not input.object.registry.record["esri-access-control"]
}

The following response:

{
    "result": {
        "queries": [
            [
                {
                    "index": 0,
                    "terms": [
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "eq"
                                }
                            ]
                        },
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "input"
                                },
                                {
                                    "type": "string",
                                    "value": "object"
                                },
                                {
                                    "type": "string",
                                    "value": "registry"
                                },
                                {
                                    "type": "string",
                                    "value": "record"
                                },
                                {
                                    "type": "string",
                                    "value": "esri-access-control"
                                },
                                {
                                    "type": "string",
                                    "value": "access"
                                }
                            ]
                        },
                        {
                            "type": "string",
                            "value": "public"
                        }
                    ]
                }
            ],
            [
                {
                    "index": 0,
                    "negated": true,
                    "terms": {
                        "type": "ref",
                        "value": [
                            {
                                "type": "var",
                                "value": "input"
                            },
                            {
                                "type": "string",
                                "value": "object"
                            },
                            {
                                "type": "string",
                                "value": "registry"
                            },
                            {
                                "type": "string",
                                "value": "record"
                            },
                            {
                                "type": "string",
                                "value": "esri-access-control"
                            }
                        ]
                    }
                }
            ]
        ]
    }
}

should be parsed correctly.

PS without Negation, default rule is required (But this require parsing support section).

package object.registry.record.qld_digital_twin

import data.object.registry.record.has_permission
import data.object.registry.record.esri_groups
import data.object.registry.record.esri_owner
import data.object.registry.record.esri_public
import data.object.registry.record.admin_role
import data.object.registry.record.dt_privilege_role
import data.object.registry.record.has_access_control_aspect

read {
    admin_role
}

read {
    has_permission.read
    esri_groups
}

read {
    has_permission.read
    esri_owner
}

read {
    has_permission.read
    dt_privilege_role
}

read {
    esri_public
}

read {
    has_access_control_aspect == false
}
package object.registry.record

default has_access_control_aspect = false

has_access_control_aspect {
    input.object.registry.record["esri-access-control"]
}

{
    "result": {
        "queries": [
            [
                {
                    "index": 0,
                    "terms": [
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "eq"
                                }
                            ]
                        },
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "input"
                                },
                                {
                                    "type": "string",
                                    "value": "object"
                                },
                                {
                                    "type": "string",
                                    "value": "registry"
                                },
                                {
                                    "type": "string",
                                    "value": "record"
                                },
                                {
                                    "type": "string",
                                    "value": "esri-access-control"
                                },
                                {
                                    "type": "string",
                                    "value": "access"
                                }
                            ]
                        },
                        {
                            "type": "string",
                            "value": "public"
                        }
                    ]
                }
            ],
            [
                {
                    "index": 0,
                    "terms": [
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "eq"
                                }
                            ]
                        },
                        {
                            "type": "ref",
                            "value": [
                                {
                                    "type": "var",
                                    "value": "data"
                                },
                                {
                                    "type": "string",
                                    "value": "partial"
                                },
                                {
                                    "type": "string",
                                    "value": "object"
                                },
                                {
                                    "type": "string",
                                    "value": "registry"
                                },
                                {
                                    "type": "string",
                                    "value": "record"
                                },
                                {
                                    "type": "string",
                                    "value": "has_access_control_aspect"
                                }
                            ]
                        },
                        {
                            "type": "boolean",
                            "value": false
                        }
                    ]
                }
            ]
        ],
        "support": [
            {
                "package": {
                    "path": [
                        {
                            "type": "var",
                            "value": "data"
                        },
                        {
                            "type": "string",
                            "value": "partial"
                        },
                        {
                            "type": "string",
                            "value": "object"
                        },
                        {
                            "type": "string",
                            "value": "registry"
                        },
                        {
                            "type": "string",
                            "value": "record"
                        }
                    ]
                },
                "rules": [
                    {
                        "head": {
                            "name": "has_access_control_aspect",
                            "value": {
                                "type": "boolean",
                                "value": true
                            }
                        },
                        "body": [
                            {
                                "index": 0,
                                "terms": {
                                    "type": "ref",
                                    "value": [
                                        {
                                            "type": "var",
                                            "value": "input"
                                        },
                                        {
                                            "type": "string",
                                            "value": "object"
                                        },
                                        {
                                            "type": "string",
                                            "value": "registry"
                                        },
                                        {
                                            "type": "string",
                                            "value": "record"
                                        },
                                        {
                                            "type": "string",
                                            "value": "esri-access-control"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    {
                        "default": true,
                        "head": {
                            "name": "has_access_control_aspect",
                            "value": {
                                "type": "boolean",
                                "value": false
                            }
                        },
                        "body": [
                            {
                                "index": 0,
                                "terms": {
                                    "type": "boolean",
                                    "value": true
                                }
                            }
                        ]
                    }
                ]
            }
        ]
    }
}
@t83714 t83714 modified the milestone: v0.0.59 Nov 11, 2020
@t83714 t83714 added this to the v1.0.0 milestone Sep 23, 2021
@t83714 t83714 modified the milestones: v1.0.0, v1.10, Next Oct 15, 2021
@t83714
Copy link
Contributor Author

t83714 commented Oct 28, 2021

The new decision endpoint should support negation well: #3254

@t83714
Copy link
Contributor Author

t83714 commented Mar 9, 2022

closed via PR: #3257

@t83714 t83714 closed this as completed Mar 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request priority: low
Projects
None yet
Milestone
Next (v2.0.0)
Development

No branches or pull requests
1 participant
@t83714