Joey
12/07/2022, 11:19 PMcaveat ip_allowlist(user_ip ipaddress, cidr string) {
user_ip.in_cidr(cidr)
}
definition user {}
definition resource {
relation viewer: user with ip_allowlist
permission view = viewer
}
in this case, you could write the cidr
alongside the relationship: resource:someresource#viewer@user:someuser[ip_allowlist:{"cidr": "1.2.3.0"}]
and then pass the user's current user_ip
in the CheckPermission
request