my own policy

rbac.rego

@@ -1,41 +1,38 @@
-default allow = false
-
-allow {
-    input.role == "admin"
-}
-
-allow {
-    input.role == "moderator"
-    input.action == "create_post"
-}
-
-allow {
-    input.role == "moderator"
-    input.action == "edit_post"
-    input.post.author != input.user
+# Define the regions and the minimum required Karma for each permission level
+region_karma_requirements = {
+    "us-east-1": {"read": 10, "write": 50, "admin": 100},
+    "us-west-2": {"read": 5,  "write": 30, "admin": 90},
+    "eu-central-1": {"read": 20, "write": 60, "admin": 110},
+    "ap-southeast-1": {"read": 15, "write": 40, "admin": 95}
 }
 
-allow {
-    input.role == "general_user"
-    input.action == "create_post"
-    input.post.author == input.user
+# Mock data source for user Karma values
+user_karma = {
+    "user-1": 55,
+    "user-2": 45,
+    "user-3": 120
 }
 
-allow {
-    input.role == "general_user"
-    input.action == "read_post"
+# Mock data source for user region values
+user_region = {
+    "user-1": "us-east-1",
+    "user-2": "us-west-2",
+    "user-3": "eu-central-1"
 }
 
-allow {
-    input.role == "general_user"
-    input.post.author == input.user
-    input.action == "delete_post"
-    input.post.author == input.user
-}
+# Define the input structure
+# input: {
+#   "user": {
+#     "id": "user-1"
+#   },
+#   "requested_permission": "write"
+# }
 
+# Calculate whether the user has sufficient Karma for the requested permission
 allow {
-    input.role == "general_user"
-    input.post.author == input.user
-    input.action == "edit_post"
-    input.post.author == input.user
+    user_id := input.user.id
+    requested_permission := input.requested_permission
+    region := user_region[user_id]
+    required_karma := region_karma_requirements[region][requested_permission]
+    user_karma[user_id] >= required_karma
 }