github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/allopscaveat.yaml

github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/allopscaveat.yaml (about)

     1  ---
     2  schema: |+
     3    definition user {}
     4  
     5    caveat some_caveat(somecondition int) {
     6      somecondition == 42
     7    }
     8  
     9    caveat another_caveat(anothercondition string) {
    10      anothercondition == 'hello world'
    11    }
    12  
    13    caveat third_caveat(thirdcondition bool) {
    14      thirdcondition
    15    }
    16  
    17    definition document {
    18      relation reader: user | user with some_caveat
    19      relation writer: user | user with another_caveat
    20      relation banned: user | user with third_caveat
    21  
    22      permission has_permission = (reader & writer) - banned
    23    }
    24  
    25  relationships: >-
    26    document:firstdoc#reader@user:always
    27  
    28    document:firstdoc#writer@user:always
    29  
    30    document:firstdoc#reader@user:notbanned[some_caveat:{"somecondition":42}]
    31  
    32    document:firstdoc#writer@user:notbanned[another_caveat:{"anothercondition":"hello world"}]
    33  
    34    document:firstdoc#reader@user:possiblybanned
    35  
    36    document:firstdoc#writer@user:possiblybanned
    37  
    38    document:firstdoc#banned@user:possiblybanned[third_caveat]
    39  
    40    document:firstdoc#reader@user:definitelybanned
    41  
    42    document:firstdoc#writer@user:definitelybanned
    43  
    44    document:firstdoc#banned@user:definitelybanned[third_caveat:{"thirdcondition":true}]
    45  
    46    document:firstdoc#reader@user:caveatedreader[some_caveat]
    47  
    48    document:firstdoc#writer@user:caveatedreader
    49  
    50    document:firstdoc#reader@user:caveatedwriter
    51  
    52    document:firstdoc#writer@user:caveatedwriter[another_caveat]
    53  assertions:
    54    assertTrue:
    55      - "document:firstdoc#has_permission@user:always"
    56      - "document:firstdoc#has_permission@user:notbanned"
    57      - 'document:firstdoc#has_permission@user:possiblybanned with {"thirdcondition":false}'
    58      - 'document:firstdoc#has_permission@user:caveatedreader with {"somecondition": 42}'
    59      - 'document:firstdoc#has_permission@user:caveatedwriter with {"anothercondition": "hello world"}'
    60    assertCaveated:
    61      - "document:firstdoc#has_permission@user:possiblybanned"
    62      - "document:firstdoc#has_permission@user:caveatedreader"
    63      - "document:firstdoc#has_permission@user:caveatedwriter"
    64    assertFalse:
    65      - "document:firstdoc#has_permission@user:definitelybanned"
    66      - 'document:firstdoc#has_permission@user:possiblybanned with {"thirdcondition":true}'
    67      - 'document:firstdoc#has_permission@user:caveatedreader with {"somecondition": 41}'
    68      - 'document:firstdoc#has_permission@user:caveatedwriter with {"anothercondition": "hi there"}'