From 30fd7128d0e9a2135c936c587a2131c989c5e1f6 Mon Sep 17 00:00:00 2001
From: Gerald Baulig
Date: Mon, 29 Jul 2024 07:57:37 +0200
Subject: [PATCH] fix(unauth): add customer of each sector to unauth user and fix rules
---
 .../demo-shop/data/seed-data/customers.yaml | 32 ++++++++++++++++---
 datasets/system/data/seed-data/policies.yaml | 1 +
 datasets/system/data/seed-data/rules.yaml | 24 ++++++++++++++
 3 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/datasets/demo-shop/data/seed-data/customers.yaml b/datasets/demo-shop/data/seed-data/customers.yaml
index 1d82030..ed36e58 100644
--- a/datasets/demo-shop/data/seed-data/customers.yaml
+++ b/datasets/demo-shop/data/seed-data/customers.yaml
@@ -25,7 +25,7 @@
 ---
 id: restorecommerce-demo-customer-002
 private:
- userId: restorecommerce-demo-customer-002-user
+ userId: restorecommerce-demo-customer-002-user-000
 contactPointIds: [
 restorecommerce-demo-customer-002-contact-point
 ]
@@ -38,7 +38,7 @@
 - id: urn:restorecommerce:acs:names:ownerInstance
 value: restorecommerce-demo-customer-002-user-000
 ---
- id: restorecommerce-demo-customer-unauthenticated
+ id: restorecommerce-demo-customer-unauthenticated-private
 private:
 userId: restorecommerce-demo-unauthenticated-user
 contactPointIds: []
@@ -46,7 +46,31 @@
 modifiedBy: ""
 owners:
 - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
- value: urn:restorecommerce:acs:model:organization.Organization
+ value: urn:restorecommerce:acs:model:user.User
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: restorecommerce-demo-unauthenticated-user
+---
+ id: restorecommerce-demo-customer-unauthenticated-commercial
+ commercial:
+ organizationId: ""
+ meta:
+ modifiedBy: ""
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:user.User
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: restorecommerce-demo-unauthenticated-user
+---
+ id: restorecommerce-demo-customer-unauthenticated-public-sector
+ publicSector:
+ organizationId: ""
+ meta:
+ modifiedBy: ""
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:user.User
 attributes:
 - id: urn:restorecommerce:acs:names:ownerInstance
- value: restorecommerce-demo-root-organization
\ No newline at end of file
+ value: restorecommerce-demo-unauthenticated-user
\ No newline at end of file
diff --git a/datasets/system/data/seed-data/policies.yaml b/datasets/system/data/seed-data/policies.yaml
index de926cd..c8ae8eb 100644
--- a/datasets/system/data/seed-data/policies.yaml
+++ b/datasets/system/data/seed-data/policies.yaml
@@ -178,6 +178,7 @@
 - moderator-permits-all-hr-scoped
 - member-permits-read-hr-scoped
 - user-permits-all-owned
+ - unauthenticated-user-permits-read-owned
 - fallback-deny-all
 meta:
 modifiedBy: ""
diff --git a/datasets/system/data/seed-data/rules.yaml b/datasets/system/data/seed-data/rules.yaml
index 28087d7..c1d8162 100644
--- a/datasets/system/data/seed-data/rules.yaml
+++ b/datasets/system/data/seed-data/rules.yaml
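Review bot: The new `commercial` and `publicSector` customer documents carry `organizationId: ""` instead of omitting the key, so the seed loader receives an empty string where the `private` variant carries a real `userId`; if the consumer resolves that id as a lookup rather than treating it as absent, the two documents may fail validation or link to nothing, which is worth confirming before these are seeded. All three documents are now owned by `restorecommerce-demo-unauthenticated-user` rather than the root organization, which is exactly what the new read rule keys on, so any other seed that reuses that `ownerInstance` value silently inherits the same anonymous readability; keep the set of resources carrying that owner deliberately small and greppable. The customers file still ends without a trailing newline on the new side (`\ No newline at end of file` follows the last added line); adding one keeps future diffs of this tail clean.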
@@ -446,6 +446,30 @@
 attributes:
 - id: urn:restorecommerce:acs:names:ownerInstance
 value: system
+---
+ id: unauthenticated-user-permits-read-owned
+ name: Unauthenticated User Permits Read Owned
+ description: Permits read if resource is owned by unauthenticated subject
+ target:
+ subjects:
+ - id: urn:restorecommerce:acs:names:role
+ value: unauthenticated-r-id
+ - id: urn:restorecommerce:acs:names:roleScopingEntity
+ value: urn:restorecommerce:acs:model:user.User
+ actions:
+ - id: urn:oasis:names:tc:xacml:1.0:action:action-id
+ value: urn:restorecommerce:acs:names:action:read
+ resources: [ ]
+ effect: PERMIT
+ evaluationCacheable: false
+ meta:
+ modifiedBy: ""
+ owners:
+ - id: urn:restorecommerce:acs:names:ownerIndicatoryEntity
+ value: urn:restorecommerce:acs:model:organization.Organization
+ attributes:
+ - id: urn:restorecommerce:acs:names:ownerInstance
+ value: system
 ---
 id: domainless-unauthenticated-permits-read-system
 name: Domainless Unauthenticated Permits Read System
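Review bot: `resources: [ ]` leaves the new rule's target unconstrained by resource type, so the PERMIT is not limited to the three customer documents this patch creates; presumably every resource whose owner is `restorecommerce-demo-unauthenticated-user` becomes readable to the `unauthenticated-r-id` role, which is broader than the commit message describes. If that breadth is intended, state it in the rule text, e.g. `description: Permits read on any resource type whose owner is the unauthenticated user`; if not, list the intended resource type under `resources` (placeholder: the project's customer model URN) so the grant follows least privilege. The ownership condition named in the description is not expressed anywhere in `target` — it presumably comes from the evaluator's owner matching on `ownerInstance` — so it is worth confirming the engine still applies that check when the resources list is empty. Minor style point: the flow sequence elsewhere in this patch is written `[]`, so `[ ]` here is inconsistent.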