The app demonstrate a design collaboration app for users to share designs (like figma) and comment on them. the app policy will be enforce by permit. there are 3 types of users. reader, editor, and manager.
- Reader can only view design and comments on design, he can delete and edit his own comments.
- Creator can create and edit,delete his own designs ,but not others users, he can comment on his design. and other design but can only delete his own comments.
- Manager allow to create, edit, delete designs and comments of other users.
The app enable to signup a user, and expose route to sync user to permit system to set his authority
- python^3.10 python install
- pip (or any package installer you prefer) pip install
- terraform cli terraform install
- docker docker install
- docker-compose docker-compose install
- Signup to permit.io create your first project and grab your api key
-
load env variables to the shell
export TF_VAR_permit_api_key=<permit_api_key> -
Applying the terraform plan
cd terraform && terraform init && terraform plan && terraform apply -auto-approve && cd ..
go to your project dashboard you should see your policies resources and roles.
-
Create .env file(look at .env.dev) and paste the api key to the .env file
permit_api_key=<permit_api_key> pdp_address=<pdp_address> connection_string=<connection_string>for example
permit_api_key=permit_key_xxxxxx pdp_address=http://localhost:7766 connection_string=postgresql+asyncpg://postgres:postgres@db/design_app_db -
run
source .env -
run
docker-compose up -d(deploy the pdp, the db ,and the app)
Now it all setup to use our design app!
open swagger
-
Signup a new user with the email reader@gmail.com using the sign up request
-
You can see the user you created in the permit dashboard on the directory page under * All Tenants
-
Assign reader role to the user using assigned role request
-
paste it in the body request
{ "user":"reader@gmail.com", "role": "reader" }
- Signin (In the swagger page press on the authorized button and paste the user email)
- Try to create design using the create design request
-
Signup a new user with the email creator@gmail.com using the sign up request
-
Assign creator role to the user using assigned role request
-
paste it to the request body
{ "user":"creator@gmail.com", "role": "creator" }
-
Signin (In the swagger page press on the authorized button and paste the user email)
-
Try to create design using the create design request
-
The design should be created (check on your db)
-
Now Lets comment on the design with creator user
- Lets delete the comment of the creator just commented. when we create the design we assigned the creator to it. then when the comment created we are create tupple between the design and comment that created on the design. because the rule comment_moderator derived from the rule creator . when a creator will try to delete comment that created on his design he will be permitted to do it.
- Delete the design the creator this is permitted because the creator is assigned to the rule "own_designs" which allows to edit and delete own designs.