Open
36 commits
ca0ced3
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
df76bb5
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
97b0b97
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
26ce195
addresses the comments
Tabintel Nov 14, 2025
5f9c37a
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
f2c0360
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
22dd9a3
Add LMS app template for fine-grained authorization
Tabintel Jul 14, 2025
5809796
Add LMS app template configuration
Tabintel Dec 5, 2025
24384dc
Update .gitignore and remove unused README
Tabintel Dec 5, 2025
24bb16e
Trino Schema Command
gemanor Jul 22, 2025
1c732f7
Fix Tests
gemanor Jul 22, 2025
ef2ef6e
Fix CI Tests
gemanor Jul 22, 2025
25dae3c
chore: add a RBAC blog template
Pradumnasaraf Jun 19, 2025
b95a587
feat: add roles and user sets for blog resource in RBAC configuration
Pradumnasaraf Jun 19, 2025
a524913
feat: add condition set rules and resource
Pradumnasaraf Jun 19, 2025
de4513e
chore: add condition set rules and resource sets for premium blog access
Pradumnasaraf Jun 20, 2025
9f7304e
refactor: update blog resource configuration and roles for comment ma…
Pradumnasaraf Jun 22, 2025
f480453
refactor: reorganize permissions for blog and comment resources, and …
Pradumnasaraf Jun 22, 2025
7c4b180
chore: add descriptions for blog and comment resources in Terraform t…
Pradumnasaraf Jun 22, 2025
bab5fb4
refactor: rename blog resources and roles to post for improved clarit…
Pradumnasaraf Jun 22, 2025
3e00c89
refactor: update permissions for post admin role and remove unused co…
Pradumnasaraf Jun 22, 2025
c719f69
refactor: formatting
Pradumnasaraf Jun 22, 2025
b5a1a45
fix attributes assigned under wrong key
orweis Sep 16, 2025
c376723
New version
gemanor Sep 16, 2025
1feca85
Adding support for EU region (#137)
EliMoshkovich Oct 15, 2025
7c91c5e
Create gateway-api-authorization.tf
miracleonyenma Aug 15, 2025
9122115
Add createColumnResources option to Trino configuration and update re…
danyi1212 Nov 10, 2025
6e6bd15
fix the publisher CI (#140)
EliMoshkovich Nov 10, 2025
5ce3e01
add expense approval system terraform file
Taofiqq Nov 26, 2025
11351e1
Add LMS app template configuration
Tabintel Dec 5, 2025
20287e8
Update .gitignore and remove unused README
Tabintel Dec 5, 2025
adbc42b
Remove duplicate lmsapp.tf file
Tabintel Dec 5, 2025
7afcb7b
Merge branch 'main' of https://github.com/Tabintel/permit-cli into ad…
Tabintel Dec 5, 2025
9ced17a
updates
Tabintel Dec 7, 2025
ac6b51e
Merge branch 'add-lms-app-template' of https://github.com/Tabintel/pe…
Tabintel Dec 7, 2025
436af9d
Update
Tabintel Dec 7, 2025
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -187,4 +187,4 @@ dist
.yarn/unplugged
.yarn/build-state.yml
.yarn/install-state.gz
.pnp.*
.pnp.*
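--- a/source/templates/lmsapp.tf
+++ b/source/templates/lmsapp.tf
@@ -0,0 +1,255 @@
+terraform {
+required_providers {
+permitio = {
+source = "permitio/permit-io"
+version = "~> 0.0.14"
+}
+}
+}
+
+provider "permitio" {
+api_url = {{API_URL}}
+api_key = {{API_KEY}}
+}
+
+# Resources
+resource "permitio_resource" "course" {
+name = "course"
+description = ""
+key = "course"
+
+actions = {
+"enroll" = {
+name = "enroll"
+},
+"read" = {
+name = "read"
+},
+"create" = {
+name = "create"
+},
+"delete" = {
+name = "delete"
+}
+}
+attributes = {
+"department" = {
+name = "Department"
+type = "string"
+},
+"studentIds" = {
+name = "Student Ids"
+type = "array"
+},
+"teacherId" = {
+name = "Teacher Id"
+type = "string"
+}
+}
+}
+
+# User Attributes
+resource "permitio_user_attribute" "user_department" {
+key = "department"
+type = "string"
+description = ""
+}
+resource "permitio_user_attribute" "user_id" {
+key = "id"
+type = "string"
+description = ""
+}
+resource "permitio_user_attribute" "user_role" {
+key = "role"
+type = "string"
+description = "user role"
+}
+
+# Roles
+
+# Condition Set Rules
+resource "permitio_condition_set_rule" "student_Courses_Where_Student_is_Enrolled_and_Same_Department_course_read" {
+user_set = permitio_user_set.student.key
+permission = "course:read"
+resource_set = permitio_resource_set.Courses_Where_Student_is_Enrolled_and_Same_Department.key
+depends_on = [
+permitio_resource_set.Courses_Where_Student_is_Enrolled_and_Same_Department,
+permitio_user_set.student
+]
+}
+resource "permitio_condition_set_rule" "teacher_Courses_Matching_Teacher_Department_course_read" {
+user_set = permitio_user_set.teacher.key
+permission = "course:read"
+resource_set = permitio_resource_set.Courses_Matching_Teacher_Department.key
+depends_on = [
+permitio_resource_set.Courses_Matching_Teacher_Department,
+permitio_user_set.teacher
+]
+}
+resource "permitio_condition_set_rule" "student_Courses_Matching_Teacher_Department_course_read" {
+user_set = permitio_user_set.student.key
+permission = "course:read"
+resource_set = permitio_resource_set.Courses_Matching_Teacher_Department.key
+depends_on = [
+permitio_resource_set.Courses_Matching_Teacher_Department,
+permitio_user_set.student
+]
+}
+resource "permitio_condition_set_rule" "teacher_Courses_Matching_Teacher_Department_course_create" {
+user_set = permitio_user_set.teacher.key
+permission = "course:create"
+resource_set = permitio_resource_set.Courses_Matching_Teacher_Department.key
+depends_on = [
+permitio_resource_set.Courses_Matching_Teacher_Department,
+permitio_user_set.teacher
+]
+}
+resource "permitio_condition_set_rule" "student_Courses_Where_Student_Can_Enroll_course_enroll" {
+user_set = permitio_user_set.student.key
+permission = "course:enroll"
+resource_set = permitio_resource_set.Courses_Where_Student_Can_Enroll.key
+depends_on = [
+permitio_resource_set.Courses_Where_Student_Can_Enroll,
+permitio_user_set.student
+]
+}
+
+# Resource Sets
+resource "permitio_resource_set" "Courses_Where_Student_Can_Enroll" {
+name = "Courses Where Student Can Enroll"
+key = "Courses_Where_Student_Can_Enroll"
+resource = permitio_resource.course.key
+conditions = jsonencode({
+"allOf": [
+{
+"allOf": [
+{
+"resource.department": {
+"equals": {
+"ref": "user.department"
+}
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_resource.course
+]
+}
+resource "permitio_resource_set" "Courses_Where_Student_is_Enrolled_and_Same_Department" {
+name = "Courses Where Student is Enrolled and Same Department"
+key = "Courses_Where_Student_is_Enrolled_and_Same_Department"
+resource = permitio_resource.course.key
+conditions = jsonencode({
+"allOf": [
+{
+"allOf": [
+{
+"resource.department": {
+"equals": {
+"ref": "user.department"
+}
+}
+},
+{
+"resource.studentIds": {
+"array_contains": {
+"ref": "user.id"
+}
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_resource.course
+]
+}
+resource "permitio_resource_set" "Courses_Matching_Teacher_Department" {
+name = "Courses Matching Teacher Department"
+key = "Courses_Matching_Teacher_Department"
+resource = permitio_resource.course.key
+conditions = jsonencode({
+"allOf": [
+{
+"allOf": [
+{
+"resource.department": {
+"equals": {
+"ref": "user.department"
+}
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_resource.course
+]
+}
+
+# User Sets
+resource "permitio_user_set" "admin" {
+key = "admin"
+name = "admin"
+conditions = jsonencode({
+allOf = [
+{
+allOf = [
+{
+"user.role" = {
+equals = "admin"
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_user_attribute.user_role
+]
+}
+resource "permitio_user_set" "student" {
+key = "student"
+name = "student"
+conditions = jsonencode({
+allOf = [
+{
+allOf = [
+{
+"user.role" = {
+equals = "student"
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_user_attribute.user_role
+]
+}
+resource "permitio_user_set" "teacher" {
+key = "teacher"
+name = "teacher"
+conditions = jsonencode({
+allOf = [
+{
+allOf = [
+{
+"user.role" = {
+equals = "teacher"
+}
+}
+]
+}
+]
+})
+depends_on = [
+permitio_user_attribute.user_role
+]
+}
+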
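Review bot: The rule `student_Courses_Matching_Teacher_Department_course_read` gives the `student` user set `course:read` on every course whose `resource.department` equals `user.department`. That makes the enrolment clause in `Courses_Where_Student_is_Enrolled_and_Same_Department` (`resource.studentIds` `array_contains` `user.id`) ineffective, assuming condition set rules combine as additive allows. If read access is meant to require enrolment, drop that rule block. If department-wide browsing is intended, say so above it, for example `# Students may read any course in their own department; enrolment is not required`, and consider removing the now-redundant enrolled-read rule. `Courses_Where_Student_Can_Enroll` and `Courses_Matching_Teacher_Department` also carry identical conditions, and the `teacherId` attribute is never used, so a teacher's `course:create` and `course:read` are scoped by department only, not by ownership. The `admin` user set has no condition set rule and nothing grants `course:delete`, so please confirm that is deliberate or add the missing rule.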