github.com/authzed/spicedb@v1.32.1-0.20240520085336-ebda56537386/internal/services/integrationtesting/testconfigs/caveatip.yaml (about)

     1  ---
     2  schema: |+
     3    definition user {}
     4  
     5    caveat is_valid_ip(user_ip ipaddress, cidr string) {
     6      user_ip.in_cidr(cidr)
     7    }
     8  
     9    definition document {
    10    	relation viewer: user with is_valid_ip | user
    11      permission view = viewer
    12    }
    13  
    14  relationships: >-
    15    document:firstdoc#viewer@user:tom[is_valid_ip:{"cidr":"10.0.0.0/8"}]
    16  
    17    document:firstdoc#viewer@user:sarah[is_valid_ip:{"cidr":"10.1.0.0/16"}]
    18  
    19    document:firstdoc#viewer@user:tracy
    20  assertions:
    21    assertTrue:
    22      - 'document:firstdoc#view@user:tracy'
    23      - 'document:firstdoc#view@user:tom with {"user_ip": "10.2.3.4"}'
    24      - 'document:firstdoc#view@user:sarah with {"user_ip": "10.1.3.4"}'
    25    assertCaveated:
    26      - 'document:firstdoc#view@user:tom'
    27      - 'document:firstdoc#view@user:sarah'
    28    assertFalse:
    29      - 'document:firstdoc#view@user:tom with {"user_ip": "1.2.3.4"}'
    30      - 'document:firstdoc#view@user:sarah with {"user_ip": "10.2.3.4"}'