user-wsc/Utils/AccessControl/model.conf

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _
g2 = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act || r.sub == "管理员"
first commit 2022-10-20 16:29:54 +08:00			`[request_definition]`
			`r = sub, obj, act`

			`[policy_definition]`
			`p = sub, obj, act`

changes 2022-11-01 14:02:58 +08:00			`[role_definition]`
			`g = _, _`
			`g2 = _, _`

first commit 2022-10-20 16:29:54 +08:00			`[policy_effect]`
			`e = some(where (p.eft == allow))`

			`[matchers]`
changes 2022-11-07 13:53:42 +08:00			`m = g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act \|\| r.sub == "管理员"`