also user can view "allowed"

CanDIG · May 22, 2024 · 577a436 · 577a436
1 parent 36a1cdc
commit 577a436
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/permissions_engine/authz.rego b/permissions_engine/authz.rego
@@ -82,3 +82,11 @@ allow {
     data.permissions.valid_token == true
     input.body.input.token == input.identity
 }
+
+# As long as the user is authorized, should be able to see if they're allowed to view something
+allow {
+    input.path == ["v1", "data", "permissions", "allowed"]
+    input.method == "POST"
+    data.permissions.valid_token == true
+    input.body.input.token == input.identity
+}