https://authzed.com logo
Title
j

Joey

12/07/2022, 11:19 PM
another example might be to restrict access if the user is not within a specific IP range (or is):
caveat ip_allowlist(user_ip ipaddress, cidr string) {
  user_ip.in_cidr(cidr)
}

definition user {}

definition resource {
  relation viewer: user with ip_allowlist
  permission view = viewer
}
in this case, you could write the
cidr
alongside the relationship:
resource:someresource#viewer@user:someuser[ip_allowlist:{"cidr": "1.2.3.0"}]
and then pass the user's current
user_ip
in the
CheckPermission
request