fix(unauth): add customer of each sector to unauth user and fix rules

datasets/demo-shop/data/seed-data/customers.yaml

@@ -25,7 +25,7 @@
 ---
   id: restorecommerce-demo-customer-002
   private:
-    userId: restorecommerce-demo-customer-002-user
+    userId: restorecommerce-demo-customer-002-user-000
     contactPointIds: [
       restorecommerce-demo-customer-002-contact-point
     ]
@@ -38,15 +38,39 @@
           - id: urn:restorecommerce:acs:names:ownerInstance
             value: restorecommerce-demo-customer-002-user-000
 ---
-  id: restorecommerce-demo-customer-unauthenticated
+  id: restorecommerce-demo-customer-unauthenticated-private
   private:
     userId: restorecommerce-demo-unauthenticated-user
     contactPointIds: []
   meta:
     modifiedBy: ""
     owners:
       - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
-        value: urn:restorecommerce:acs:model:organization.Organization
+        value: urn:restorecommerce:acs:model:user.User
+        attributes:
+          - id: urn:restorecommerce:acs:names:ownerInstance
+            value: restorecommerce-demo-unauthenticated-user
+---
+  id: restorecommerce-demo-customer-unauthenticated-commercial
+  commercial:
+    organizationId: ""
+  meta:
+    modifiedBy: ""
+    owners:
+      - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+        value: urn:restorecommerce:acs:model:user.User
+        attributes:
+          - id: urn:restorecommerce:acs:names:ownerInstance
+            value: restorecommerce-demo-unauthenticated-user
+---
+  id: restorecommerce-demo-customer-unauthenticated-public-sector
+  publicSector:
+    organizationId: ""
+  meta:
+    modifiedBy: ""
+    owners:
+      - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+        value: urn:restorecommerce:acs:model:user.User
         attributes:
           - id: urn:restorecommerce:acs:names:ownerInstance
-            value: restorecommerce-demo-root-organization
+            value: restorecommerce-demo-unauthenticated-user

datasets/system/data/seed-data/policies.yaml

@@ -178,6 +178,7 @@
     - moderator-permits-all-hr-scoped
     - member-permits-read-hr-scoped
     - user-permits-all-owned
+    - unauthenticated-user-permits-read-owned
     - fallback-deny-all
   meta:
     modifiedBy: ""

datasets/system/data/seed-data/rules.yaml

@@ -446,6 +446,30 @@
         attributes:
           - id: urn:restorecommerce:acs:names:ownerInstance
             value: system
+---
+  id: unauthenticated-user-permits-read-owned
+  name: Unauthenticated User Permits Read Owned
+  description: Permits read if resource is owned by unauthenticated subject
+  target:
+    subjects:
+      - id: urn:restorecommerce:acs:names:role
+        value: unauthenticated-r-id
+      - id: urn:restorecommerce:acs:names:roleScopingEntity
+        value: urn:restorecommerce:acs:model:user.User
+    actions:
+      - id: urn:oasis:names:tc:xacml:1.0:action:action-id
+        value: urn:restorecommerce:acs:names:action:read
+    resources: [ ]
+  effect: PERMIT
+  evaluationCacheable: false
+  meta:
+    modifiedBy: ""
+    owners:
+      - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+        value: urn:restorecommerce:acs:model:organization.Organization
+        attributes:
+          - id: urn:restorecommerce:acs:names:ownerInstance
+            value: system
 ---
   id: domainless-unauthenticated-permits-read-system
   name: Domainless Unauthenticated Permits Read System