method syntax for set and string expressions
This commit introduces a method-like syntax for these operations: .starts_with(), .ends_with(), .matches() and .contains() (replacing the In operation). There is no satisfying name to replace the "not in" operation, so it is replaced by a "contains" and negation, like this: "!set.contains($var)". The NotIn operation is removed from the V1 schema.
parent
fedca762f9
commit
01ea43fa9b
@ -529,7 +529,7 @@ Biscuit {
|
||||
facts: []
|
||||
rules: [
|
||||
valid_date("file1") <- time(#ambient, $0), resource(#ambient, "file1"), $0 <= 2030-12-31T12:59:59+00:00,
|
||||
valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, $1 not in ["\"file1\""]
|
||||
valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, !$1.contains(["\"file1\""])
|
||||
]
|
||||
checks: [
|
||||
check if valid_date($0), resource(#ambient, $0)
|
||||
@ -549,7 +549,7 @@ World {
|
||||
]
|
||||
rules: [
|
||||
"valid_date(\"file1\") <- time(#ambient, $0), resource(#ambient, \"file1\"), $0 <= 2030-12-31T12:59:59+00:00",
|
||||
"valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, $1 not in [\"\\\"file1\\\"\"]",
|
||||
"valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, !$1.contains([\"\\\"file1\\\"\"])",
|
||||
]
|
||||
checks: [
|
||||
"Block[1][0]: check if valid_date($0), resource(#ambient, $0)",
|
||||
@ -569,7 +569,7 @@ World {
|
||||
]
|
||||
rules: [
|
||||
"valid_date(\"file1\") <- time(#ambient, $0), resource(#ambient, \"file1\"), $0 <= 2030-12-31T12:59:59+00:00",
|
||||
"valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, $1 not in [\"\\\"file1\\\"\"]",
|
||||
"valid_date($1) <- time(#ambient, $0), resource(#ambient, $1), $0 <= 1999-12-31T12:59:59+00:00, !$1.contains([\"\\\"file1\\\"\"])",
|
||||
]
|
||||
checks: [
|
||||
"Block[1][0]: check if valid_date($0), resource(#ambient, $0)",
|
||||
@ -594,7 +594,7 @@ Biscuit {
|
||||
facts: []
|
||||
rules: []
|
||||
checks: [
|
||||
check if resource(#ambient, $0), $0 matches "file[0-9]+.txt"
|
||||
check if resource(#ambient, $0), $0.matches("file[0-9]+.txt")
|
||||
]
|
||||
}
|
||||
blocks: [
|
||||
@ -610,13 +610,13 @@ World {
|
||||
]
|
||||
rules: []
|
||||
checks: [
|
||||
"Block[0][0]: check if resource(#ambient, $0), $0 matches \"file[0-9]+.txt\"",
|
||||
"Block[0][0]: check if resource(#ambient, $0), $0.matches(\"file[0-9]+.txt\")",
|
||||
]
|
||||
policies: [
|
||||
"allow if true",
|
||||
]
|
||||
}
|
||||
validation for "file1": `Err(FailedLogic(FailedChecks([Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if resource(#ambient, $0), $0 matches \"file[0-9]+.txt\"" })])))`
|
||||
validation for "file1": `Err(FailedLogic(FailedChecks([Block(FailedBlockCheck { block_id: 0, check_id: 0, rule: "check if resource(#ambient, $0), $0.matches(\"file[0-9]+.txt\")" })])))`
|
||||
verifier world:
|
||||
World {
|
||||
facts: [
|
||||
@ -624,7 +624,7 @@ World {
|
||||
]
|
||||
rules: []
|
||||
checks: [
|
||||
"Block[0][0]: check if resource(#ambient, $0), $0 matches \"file[0-9]+.txt\"",
|
||||
"Block[0][0]: check if resource(#ambient, $0), $0.matches(\"file[0-9]+.txt\")",
|
||||
]
|
||||
policies: [
|
||||
"allow if true",
|
||||
|
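Review bot: The rewritten rule in the `-529,7` hunk prints as `!$1.contains(["\"file1\""])`, with the variable as the receiver and the set as the argument, which is the reverse of the `!set.contains($var)` form given in the commit description; the `-549,7` and `-569,7` hunks repeat it. If only the printer kept the old `in` operand order this is a display problem, but if the evaluator now treats the left operand as the container, the rule no longer excludes "file1" the way `not in` did, and that rule feeds `check if valid_date($0)`. I would expect the expected output to read `!["\"file1\""].contains($1)`, backed by a test that evaluates the rule for "file1" and for one other resource. Which of the two cases applies cannot be told from this output alone.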
Binary file not shown.
Binary file not shown.
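--- a/schema.proto
+++ b/schema.proto
@@ -308,17 +308,16 @@ message OpBinary {
 LessOrEqual = 2;
 GreaterOrEqual = 3;
 Equal = 4;
-In = 5;
-NotIn = 6;
-Prefix = 7;
-Suffix = 8;
-Regex = 9;
-Add = 10;
-Sub = 11;
-Mul = 12;
-Div = 13;
-And = 14;
-Or = 15;
+Contains = 5;
+Prefix = 6;
+Suffix = 7;
+Regex = 8;
+Add = 9;
+Sub = 10;
+Mul = 11;
+Div = 12;
+And = 13;
+Or = 14;
 }
 
 required Kind kind = 1;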
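Review bot: Dropping `NotIn = 6` and shifting every later value down by one changes the meaning of numbers that may already be on the wire: a block serialized with the old schema that carries 7 (Prefix) decodes as Suffix under the new one, 9 (Regex) decodes as Add, and so on, with no parse error. For an authorization token this silently rewrites the checks a verifier enforces. Unless no token has ever been issued with this enum (not visible from the hunk), keep the existing numbers and retire the slot instead: `Contains = 5;`, `reserved 6;`, then `Prefix = 7;` through `Or = 15;` unchanged. The enum's opening line is outside the hunk.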