From cec2190f13df17a6beebec6cbfbed8bdca98f76c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Aguiar?= Date: Sat, 17 Feb 2024 20:36:16 -0300 Subject: [PATCH] chore: improve banking example (#20) --- stores/banking/store.fga.yaml | 81 +++++++++++++++++------------------ 1 file changed, 40 insertions(+), 41 deletions(-) diff --git a/stores/banking/store.fga.yaml b/stores/banking/store.fga.yaml index e58ecd5..df62c87 100644 --- a/stores/banking/store.fga.yaml +++ b/stores/banking/store.fga.yaml @@ -13,8 +13,7 @@ model: | define customer : [customer] define account_manager : [employee] - # We can define different policies for customers and account managers - + # We can define different transfer limit policies for customers and account managers define transfer_limit_policy : [bank#customer with transfer_limit_policy, bank#account_manager with transfer_limit_policy] type account 
@@ -22,57 +21,58 @@ model: | define bank : [bank] define owner : [customer] define account_manager : [employee] - define owner_or_account_manager : owner or account_manager - # The bank transfer permission is conditioned to the policy assigned to the customer or account manager. - - define can_make_bank_transfer : owner_or_account_manager and transfer_limit_policy from bank + # The bank transfer permission is conditioned to the policy assigned to customers or account managers. + define can_make_bank_transfer : (owner or account_manager) and transfer_limit_policy from bank # The policy has a maximum limit depending that can be overruled for a specific transaction. - condition transfer_limit_policy(transaction_amount: double, transaction_limit: double, new_transaction_limit_approved: double) { transaction_amount <= transaction_limit || transaction_amount <= new_transaction_limit_approved } tuples: - # Customers can transfer up to $100 - - user: bank:acme#customer - relation : transfer_limit_policy - object: bank:acme - condition: - name: transfer_limit_policy - context: - transaction_limit : 100 - - # Account managers can transfer up to $100 - - user: bank:acme#account_manager - relation : transfer_limit_policy - object: bank:acme - condition: - name: transfer_limit_policy - context: - transaction_limit : 1000 + - user: bank:acme#customer + relation : transfer_limit_policy + object: bank:acme + condition: + name: transfer_limit_policy + context: + transaction_limit : 100 + + # Account managers can transfer up to $100 + - user: bank:acme#account_manager + relation : transfer_limit_policy + object: bank:acme + condition: + name: transfer_limit_policy + context: + transaction_limit : 1000 - - user: customer:anne - relation: customer - object: bank:acme + # Anne is bank Acme's customer + - user: customer:anne + relation: customer + object: bank:acme - - user: employee:bob - relation: account_manager - object: bank:acme + # Anne is bank Acme's employee that's an account 
manager + - user: employee:bob + relation: account_manager + object: bank:acme - - user: bank:acme - relation: bank - object: account:123 + # The `123` account belongs to the Acme bank + - user: bank:acme + relation: bank + object: account:123 - - user: customer:anne - relation: owner - object: account:123 + # Anne is the owner of the `123` account + - user: customer:anne + relation: owner + object: account:123 - - user: employee:bob - relation: account_manager - object: account:123 + # Bob is the account manager of the `123` account + - user: employee:bob + relation: account_manager + object: account:123 tests: - name: Test bank transfers from customers @@ -109,5 +109,4 @@ tests: transaction_amount: 1000 new_transaction_limit_approved : 0 assertions: - can_make_bank_transfer: true - + can_make_bank_transfer: true \ No newline at end of file
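Review bot: Two comments added in the tuples section contradict the tuples beneath them: `# Account managers can transfer up to $100` sits above `transaction_limit : 1000`, and `# Anne is bank Acme's employee that's an account manager` sits above `user: employee:bob`. They should read `# Account managers can transfer up to $1000` and `# Bob is bank Acme's employee that's an account manager`. The removed `# Customers can transfer up to $100` comment also does not appear to be re-added above the first tuple, which leaves the customer limit undocumented. Because the tuples only fix `transaction_limit`, `transaction_amount` and `new_transaction_limit_approved` presumably arrive in the context of each check request, so the comment above the condition could say so, e.g. `# new_transaction_limit_approved must come from a recorded approval, never from the requester's own input`.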