feat: modular domain driven boilerplate

2025-09-22 01:29:55 +02:00
parent 2433f59d1a
commit 9be3230c84
160 changed files with 2468 additions and 1525 deletions
--- a/modules/identity/policies/identity.yaml
+++ b/modules/identity/policies/identity.yaml
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
+# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
+
+apiVersion: api.cerbos.dev/v1
+resourcePolicy:
+  resource: identity
+  version: default
+  rules:
+
+    ### Read
+
+    - actions:
+        - read
+      effect: EFFECT_ALLOW
+      roles:
+        - admin
+
+    - actions:
+        - read
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id
+
+    ### Update
+
+    - actions:
+        - update
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id
+
+    ### Delete
+    
+    - actions:
+        - delete
+      effect: EFFECT_ALLOW
+      roles:
+        - user
+      condition:
+        match:
+          expr: request.resource.id == request.principal.id