WIP

Sergey Toy · Sergey Toy · commit 5c53e6fa66ea · 2019-11-06T09:08:00.000+08:00
diff --git a/lib/core/app/policies/ros/application_policy.rb b/lib/core/app/policies/ros/application_policy.rb
@@ -56,7 +56,6 @@ def initialize(user, scope)
       end
 
       def resolve
-
         actions = if user.attached_actions.is_a?(String)
                     JSON.parse(user.attached_actions)
                   else
diff --git a/services/iam/app/models/user.rb b/services/iam/app/models/user.rb
@@ -37,5 +37,9 @@ def self.urn_id; :username end
          authentication_keys: [:username]
   # jwt_revocation_strategy: Devise::JWT::RevocationStrategies::Null
 
+  def self.owned(user_context)
+    where(id: user_context.iam_user.id)
+  end
+
   def jwt_payload; @jwt_payload ||= { sub: to_urn } end
 end
diff --git a/services/iam/db/seeds/development/users.seeds.rb b/services/iam/db/seeds/development/users.seeds.rb
@@ -18,7 +18,7 @@
 
       policy = user.policies.create(name: 'Basic Policy')
       policy.actions.create(name: '*', effect: :allow, target_resource: 'urn:perx:*', segment: :everything)
-      
+
       # policy.actions.create(name: :index, effect: :allow, target_resource: 'urn:perx:iam::222222222:credential', segment: :everything)
       # policy.actions.create(name: :show, effect: :allow, target_resource: 'urn:perx:iam::222222222:user', segment: :everything)
       # policy.actions.create(name: :show, effect: :allow, target_resource: 'urn:perx:cognito::222222222:user', segment: :owned)
