Access Policy Encoder/Parser

Statements Format

{ "statements": [ //Array { "effect": "deny", // String "action": "*", // String or Array "resource": [ // String or Array "/user/${user.id}/*" ], "condition": { // Object "equals": { // Object "key": "value" } }, "restiction": { "equals": { // Object "key": "value" } } } ] }

Statement

• effect: (Optional) Access to a resource is always denied if there are no matches in a statement. If you need to countermand a more "general" allowed statement with a specific rule, you would use deny.
• action: The HTTP action (GET, POST, PUT, DELETE)
• resource: The URL that is being accessed
• condition: (Optional) A condition for accessing the resource. NOT YET IMPLEMENTED
• restriction: (Otional) Restrictions to the data that can be accessed from a resource. While it's entirely possible to access a resource it can be possible to limit that data that is available from it.

Encoding

Encoding a statement happens at run time (if the provided statement hasn't already been encoded) and evaluated against data provided.

Template Format

When encoding a policy variables are provided via template literal style strings.

{ "key": "${value}" }

Parsing

Accepted Data

The following object is what the parser expects to recieve.

{ Action: 'GET', Resource: 'user/12345', property: 'value', property2: { key: 'value', key2: 'value' } }

Required

The following properties are required for validation:

• Method: The http method for the request (GET, POST, PUT, DELETE)
• Resource: The pathname of the requesting URL

Optional

Beyond the required properties you can inlude arbitrary properties that can be nested and accessed during encoding.

// Template { "statements": [ { "effect": "deny", "action": "*", "resource": [ "/user/${user.id}/*" ], "restiction": { "equals": { "account_id": "${accountId}" } } } ] } // Data { Action: "GET", Resource: "/user/1234", accountId: "5678" }