2022-10-20 16:29:54 +08:00
|
|
|
[request_definition]
|
|
|
|
r = sub, obj, act
|
|
|
|
|
|
|
|
[policy_definition]
|
|
|
|
p = sub, obj, act
|
|
|
|
|
2022-11-01 14:02:58 +08:00
|
|
|
[role_definition]
|
|
|
|
g = _, _
|
|
|
|
g2 = _, _
|
|
|
|
|
2022-10-20 16:29:54 +08:00
|
|
|
[policy_effect]
|
|
|
|
e = some(where (p.eft == allow))
|
|
|
|
|
|
|
|
[matchers]
|
2022-11-07 13:53:42 +08:00
|
|
|
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act || r.sub == "管理员"
|