alloyzeus / az-wall

A wall (of ideas) for AlloyZeus

research-subject: Authorization checks system #1

Open exavolt opened 3 years ago

exavolt commented 3 years ago

Most relevant: CEL, Oso.

Relevant technologies:

An example case:

// service = group chat
// operation = post message
// principal = context user

allow operation if
  chat accepts new messages
  and ((group member list contains context user and group allows members to post)
       or group admin list contains context user)
  and group mute list does not contain context user
  and (the group does not require users with a verified phone number to post messages
       or context user has a verified phone number)
  and (the group does not require users with a verified email address to post messages
       or context user has a verified email address).

exavolt commented 3 years ago

Another reference: Firebase Security Rules

service cloud.firestore {
  match /databases/{database}/documents {
    match /stories/{storyid} {
      // Only the authenticated user who authored the document can read or write
      allow read, write: if request.auth != null && request.auth.uid == resource.data.author;
    }
  }
}
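Both rules in this thread, the group-chat "post message" case from the first comment and the Firestore owner rule from the second, written as plain Go predicates. This is an added example for the thread, not AlloyZeus code and not CEL, Oso or Firebase; every type and function name below is assumed. The group-chat rule is a chain of explicit denies with allow only at the end, so a forgotten clause fails closed. The story rule takes the stored document and the incoming document as separate arguments, because on create there is no stored author to compare against; that is the same distinction Firestore draws between `resource` and `request.resource`.

```go
package main

import "fmt"

// Principal is the authenticated caller (assumed type). nil means unauthenticated.
type Principal struct {
	ID            string
	PhoneVerified bool
	EmailVerified bool
}

// GroupChat carries only the state the "post message" rule consults.
type GroupChat struct {
	AcceptsNewMessages     bool
	MembersMayPost         bool
	RequirePhoneVerified   bool
	RequireEmailVerified   bool
	Members, Admins, Muted map[string]bool // lookups on a nil map just return false
}

// Decision is the verdict plus, on deny, the first failing condition, for logging.
type Decision struct {
	Allowed bool
	Reason  string
}

func deny(reason string) Decision { return Decision{Reason: reason} }
func allow() Decision             { return Decision{Allowed: true} }

// AuthorizePostMessage evaluates the group-chat rule: each clause is an early deny.
func AuthorizePostMessage(chat *GroupChat, p *Principal) Decision {
	if p == nil {
		return deny("unauthenticated")
	}
	if !chat.AcceptsNewMessages {
		return deny("chat does not accept new messages")
	}
	isMember, isAdmin := chat.Members[p.ID], chat.Admins[p.ID]
	if !((isMember && chat.MembersMayPost) || isAdmin) {
		return deny("principal may not post in this group")
	}
	if chat.Muted[p.ID] {
		return deny("principal is muted")
	}
	if chat.RequirePhoneVerified && !p.PhoneVerified {
		return deny("verified phone number required")
	}
	if chat.RequireEmailVerified && !p.EmailVerified {
		return deny("verified email address required")
	}
	return allow()
}

// Story mirrors the Firestore document; StoryOp is the operation on it.
type Story struct{ Author string }
type StoryOp int

const (
	StoryRead StoryOp = iota
	StoryCreate
	StoryUpdate
	StoryDelete
)

// AuthorizeStory is the Firestore rule as a predicate: only the authenticated
// author may read or write. existing is the stored document (nil on create),
// incoming is the document being written (nil on read and delete). On create
// there is no stored author, so the check must use the incoming document.
func AuthorizeStory(op StoryOp, existing, incoming *Story, p *Principal) Decision {
	if p == nil {
		return deny("unauthenticated")
	}
	switch op {
	case StoryCreate:
		if incoming == nil || incoming.Author != p.ID {
			return deny("new story must be authored by the caller")
		}
		return allow()
	case StoryRead, StoryUpdate, StoryDelete:
		if existing == nil || existing.Author != p.ID {
			return deny("principal is not the author")
		}
		if op == StoryUpdate && (incoming == nil || incoming.Author != p.ID) {
			return deny("update may not reassign the author")
		}
		return allow()
	}
	return deny("unknown operation")
}

func main() {
	// Constructed sample data, not taken from any real system.
	alice := &Principal{ID: "alice", PhoneVerified: true}
	chat := &GroupChat{AcceptsNewMessages: true, MembersMayPost: true,
		RequirePhoneVerified: true, Members: map[string]bool{"alice": true}}
	fmt.Printf("post message: %+v\n", AuthorizePostMessage(chat, alice))
	fmt.Printf("create story: %+v\n", AuthorizeStory(StoryCreate, nil, &Story{Author: "alice"}, alice))
}
```

Returning a reason with every deny costs nothing and makes refused requests auditable; the admin path deliberately bypasses only the member-may-post clause, not the mute or verification clauses, matching the precedence of the rule as written.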