Project: Possum-api

Check whether a role has a privilege on a resource

An RBAC transaction involves a role, a privilege, and a resource. A permission
check determines whether a transaction is allowed or not.

Background
  Given I create a new resource
  And a new user "bob"
  And I permit user "bob" to "fry" it
Scenarios
  • @logged-in
I confirm that the role can perform the granted action

If a role is granted a privilege on a resource, then a permission check will pass.

  Then I can GET "/roles/:account/user/[email protected]:user_namespace" with parameters:
    check: true
    resource: "@[email protected]:@[email protected]"
    privilege: fry
  • @logged-in
I confirm that the role cannot perform ungranted actions

If a role is not granted a privilege, then a permission check will fail.

  When I GET "/roles/:account/user/[email protected]:user_namespace" with parameters:
    check: true
    resource: "@[email protected]:@[email protected]"
    privilege: freeze
  Then it's not found

The new role can confirm that it may perform the granted action

An authenticated role can use the check parameter to determine whether it
has a privilege on a given resource.

  When I login as "bob"
  Then I can GET "/resources/:account/:resource_kind/:resource_id" with parameters:
    check: true
    privilege: fry
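
The three scenarios above, as an added Ruby sketch that is not Possum's own code: an in-memory grant store plus a handler that answers both request shapes, returning :not_found for anything not granted. The `account:kind:id` identifier format, the names `PermissionStore`, `role_check_uri` and `handle_check`, and the sample values are assumptions made for the example.

```ruby
require "set"
require "uri"

# Toy model (assumption): a grant is a (role, privilege, resource) triple.
class PermissionStore
  def initialize
    @grants = Set.new
  end

  def permit(role, privilege, resource)
    @grants << [role, privilege, resource]
  end

  def allowed?(role, privilege, resource)
    @grants.include?([role, privilege, resource])
  end
end

# Role-centred check: GET <role_path>?check=true&resource=...&privilege=...
# encode_www_form escapes the ":" separators in the resource id.
def role_check_uri(role_path, resource, privilege)
  "#{role_path}?#{URI.encode_www_form(check: true, resource: resource, privilege: privilege)}"
end

# Answers a check request. Anything that is not an exact grant, including
# a missing parameter or an unauthenticated self-check, is :not_found.
def handle_check(store, target, authenticated_role: nil)
  uri = URI.parse(target)
  params = URI.decode_www_form(uri.query.to_s).to_h
  return :not_a_check unless params["check"] == "true"

  # Limit of 5 keeps any "/" inside the final id segment intact.
  section, account, kind, id = uri.path.split("/", 5).drop(1)
  return :not_found if id.nil?
  subject = [account, kind, URI.decode_www_form_component(id)].join(":")

  role, resource =
    case section
    when "roles"     then [subject, params["resource"]]   # ask about a named role
    when "resources" then [authenticated_role, subject]   # ask about the caller
    else return :not_found
    end
  store.allowed?(role, params["privilege"], resource) ? :ok : :not_found
end

# Constructed sample data mirroring the Background steps.
STORE = PermissionStore.new
STORE.permit("acme:user:bob", "fry", "acme:food:bacon")
```

Because every non-granted case collapses to the same :not_found answer, a caller of this model cannot tell a missing grant apart from a resource that does not exist.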

Last published over 3 years ago by Kevin Gilpin.