Diffstat (limited to 'moonv4/moon_interface/moon_interface/api/rules.py')
-rw-r--r--moonv4/moon_interface/moon_interface/api/rules.py25
1 files changed, 23 insertions, 2 deletions
diff --git a/moonv4/moon_interface/moon_interface/api/rules.py b/moonv4/moon_interface/moon_interface/api/rules.py
index 81639a37..7757d275 100644
--- a/moonv4/moon_interface/moon_interface/api/rules.py
+++ b/moonv4/moon_interface/moon_interface/api/rules.py
@@ -62,13 +62,34 @@ class Rules(Resource):
:request body: post = {
"meta_rule_id": "meta_rule_id1",
"rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {"decision": "grant"},
+ )
"enabled": True
}
:return: {
"rules": [
"meta_rule_id": "meta_rule_id1",
- "rule_id1": ["subject_data_id1", "object_data_id1", "action_data_id1"],
- "rule_id2": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "rule_id1": {
+ "rule": ["subject_data_id1", "object_data_id1", "action_data_id1"],
+ "instructions": (
+ {"decision": "grant"}, # "grant" to immediately exit,
+ # "continue" to wait for the result of next policy
+ # "deny" to deny the request
+ )
+ }
+ "rule_id2": {
+ "rule": ["subject_data_id2", "object_data_id2", "action_data_id2"],
+ "instructions": (
+ {
+ "update": {
+ "operation": "add", # operations may be "add" or "delete"
+ "target": "rbac:role:admin" # add the role admin to the current user
+ }
+ },
+ {"chain": {"name": "rbac"}} # chain with the policy named rbac
+ )
+ }
]
}
:internal_api: add_rule
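Review bot: The request-body example at `"instructions": ( {"decision": "grant"}, )` does not say what the API does when `instructions` is omitted or carries a decision other than "grant", "continue" or "deny"; for an access-control rule that default should be stated in the docstring, e.g. `# "instructions" is optional; a missing or unknown decision is treated as <default, to be confirmed against add_rule>`. The example is also not valid as written: a comma is missing after the closing `)` before `"enabled": True` and after the `}` that closes `"rule_id1"`, and since a JSON body has no tuple syntax, `[...]` would be clearer than `(...)`. The `update` instruction shown for `rule_id2` adds `rbac:role:admin` to the current user, so a line noting that a matching rule can change privileges as a side effect would help whoever reviews policies written against this API. The docstring and its method start and end outside this hunk, so the validation actually performed on `instructions` is not visible here.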