how can i check an array of objects in rego to check if a user has permissions to use it?

The permitir rule is failing on this line:

input.permiso.accion == grant.accion

The trace reports this (albeit with a lot of other noise):

  tiene_permiso.rego:15          | | | Eval input.permiso.accion = grant.accion
  tiene_permiso.rego:15          | | | Fail input.permiso.accion = grant.accion

The reason it’s failing is that usuario_tiene_permitido generates a set of actions represented as strings, i.e., grant is a string not an object containing the subject and action. If you evaluate usuario_tiene_permitido with the input you provided, you’ll see this.

You could refactor the permitir rule as follows:

permitir {
    # Find grants for the user.
    some grant
    usuario_tiene_permitido[grant]
    input.permiso.accion == grant
}

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top