How-To Guides
Model Attribute-Based Access Control (ABAC)
Public/Private Resources

Public or Private Resources

Applications with shared or collaborative resources—like documents, code, or comments—may need a concept of public visibility, meaning they can be read by anyone.

A "public" attribute on a resource can be used to indicate that it is public.

Implement the logic

Public repositories are visible to anyone, so we write a rule that says that all users have permission to read a resource if it's public.


actor User { }
resource Repository {
permissions = ["read"];
"read" if is_public(resource);
}

Test it out

If the Anvil repository is public, anyone can read it.


test "public repositories" {
setup {
is_public(Repository{"anvil"});
}
assert allow(User{"alice"}, "read", Repository{"anvil"});
}

Conditional Roles