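# Authorization policy for the `library` package. The decision is published as
# `data.library.allow`.
#
# NOTE(review): this file had been collapsed onto a single physical line, so the
# first `#` turned everything after `import data.policy` into a comment and no
# `allow` rule was defined at all. The line structure is restored here.
package library

# Role/permission entries supplied as data. Only the commented-out "realistic"
# section below reads them; the simple test section does not.
import data.policy

# Uncomment the following section (between the first BEGIN/END pair) to try more
# realistic decision logic. When you do, comment out the simple test section at
# the end of the file: a package cannot hold two `default allow` declarations.
#
# NOTE(review) before enabling it:
#   * The decision type changes from an object ({"authorized", "messages"}) to a
#     plain boolean. Whatever queries `allow` must be adjusted to match.
#   * regex.match is not anchored: a pattern matches when it occurs anywhere in
#     input.uri. Path patterns in data.policy need explicit ^...$ anchors,
#     otherwise a rule for one path also authorizes any URI that contains it.
#   * print(input) / print(policy) are debug output. input carries the caller's
#     authorities (and possibly more), so drop both calls outside of testing.
#   * Inside the comprehension `er` is rebound to one element of policy, and the
#     same `i` indexes path, allowedMethods and role, so all three come from the
#     same entry. Presumably each policy element is a list of such entries;
#     confirm against the data file.
# --- BEGIN ---
# default allow := false

# Find roles matching permission
# er := {role | er := policy[_];
#       regex.match(er[i]["path"], input.uri);
#
#       methods_included := [method | method := er[i]["allowedMethods"][_]; method == input.method]
#
#       count(methods_included) > 0
#       role := er[i].role}

#is_effective_role {
#    print(input)
#    print(policy)
#    count(er) != 0
#    er[_] == input.authorities[_]
#}

#allow {
#    is_effective_role
#}
# --- END ---

# This section is for a simple OPA test. Comment it out if you go for the real
# scenario above.
# --- BEGIN ---
# Deny by default: with no other `allow` rule in the package, every query gets
# this object, i.e. authorized == false and an empty message list.
default allow := {
	"authorized": false,
	"messages": [],
}
# --- END ---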