Access Policy Encoder/Parser
Statements Format
    "statements": // Array
        "effect": "deny" // String
        "action": "*" // String or Array
        "resource": // String or Array
            "/user/${user.id}/*"
        "condition": // Object
            "equals": // Object
                "key": "value"
        "restriction":
            "equals": // Object
                "key": "value"
Statement
- effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use deny.
- action: The HTTP action (GET, POST, PUT, DELETE)
- resource: The URL that is being accessed
- condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
- restriction: (Optional) Restrictions to the data that can be accessed from a resource. Even when a resource can be accessed, the data available from it can be limited.
Encoding
A statement is encoded at run time (if the provided statement hasn't already been encoded) and then evaluated against the data provided.
Template Format
When encoding a policy, variables are provided via template-literal-style strings.
"key": "${value}"
Parsing
Accepted Data
The following object is what the parser expects to receive.

    Action: 'GET'
    Resource: 'user/12345'
    property: 'value'
    property2:
        key: 'value'
        key2: 'value'
Required
The following properties are required for validation:
- Method: The HTTP method for the request (GET, POST, PUT, DELETE)
- Resource: The pathname of the requesting URL
Optional
Beyond the required properties, you can include arbitrary properties that can be nested and accessed during encoding.

    // Template
    "statements":
        "effect": "deny"
        "action": "*"
        "resource": "/user/${user.id}/*"
        "restriction":
            "equals":
                "account_id": "${accountId}"

    // Data
    Action: "GET"
    Resource: "/user/1234"
    accountId: "5678"
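The flow described above, encoding a template against request data and then evaluating the statements, as an added example that is not the project's own code. The function names, the "*" matching rule, and the handling of a missing effect are assumptions; the policy and requests are constructed.

```javascript
// Added example; function names are hypothetical, not the project's API.
const own = (o, k) => o !== null && typeof o === "object" && Object.prototype.hasOwnProperty.call(o, k);
const lookup = (data, path) => path.split(".").reduce((o, k) => (own(o, k) ? o[k] : undefined), data);

// Replace ${a.b} with request data. Fail closed on a missing or non-scalar value
// rather than writing "undefined" into the resource pattern.
function encode(template, data) {
  return template.replace(/\$\{([\w.]+)\}/g, (_, path) => {
    const v = lookup(data, path);
    if (typeof v !== "string" && typeof v !== "number") {
      throw new Error(`unresolved policy variable: ${path}`);
    }
    // Percent-encode so "/" or "*" in caller-supplied data cannot widen the pattern.
    return encodeURIComponent(String(v)).replace(/\*/g, "%2A");
  });
}

// Assumed matching rule: "*" matches any run of characters, everything else is literal.
function toRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

function isAllowed(statements, request) {
  let allowed = false;
  for (const s of statements) {
    const actionHit = [].concat(s.action).some((a) => a === "*" || a === request.Action);
    const resourceHit = [].concat(s.resource)
      .some((r) => toRegExp(encode(r, request)).test(request.Resource));
    if (!actionHit || !resourceHit) continue;
    // Assumption: a missing effect means allow; any other value is treated as deny.
    if (s.effect !== undefined && s.effect !== "allow") return false;
    allowed = true;
  }
  return allowed; // no matching statement: denied
}

// Constructed sample policy and request builder.
const statements = [
  { action: ["GET", "PUT"], resource: "/user/${user.id}/*" },
  { effect: "deny", action: "*", resource: "/user/${user.id}/keys" },
];
const request = (Resource, id) => ({ Action: "GET", Resource, user: { id } });

console.log(isAllowed(statements, request("/user/1234/profile", "1234"))); // true
console.log(isAllowed(statements, request("/user/1234/keys", "1234")));    // false
console.log(isAllowed(statements, request("/user/9999/profile", "*")));    // false
```

A request whose data lacks a variable the template references makes `encode` throw, so the caller rejects the request instead of matching against a half-filled pattern.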