urn_policy_banking-demo_bankuser_alt.xml 3.93 KB
<policy id='urn:policy:banking-demo:bankuser' description='The email will be hidden if a banker request the customer details'
   xmlns='http://www.iese.fraunhofer.de/ind2uce/3.0.25/enforcementLanguage'
   xmlns:tns='http://www.iese.fraunhofer.de/ind2uce/3.0.25/enforcementLanguage'
   xmlns:param='http://www.iese.fraunhofer.de/ind2uce/3.0.25/param'
   xmlns:pip='http://www.iese.fraunhofer.de/ind2uce/3.0.25/pip'
   xmlns:function='http://www.iese.fraunhofer.de/ind2uce/3.0.25/function'
   xmlns:constant='http://www.iese.fraunhofer.de/ind2uce/3.0.25/constant'
   xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'>
   <!--
      Mechanism for the single-user event get-bankuser: removes the email before the
      event is released.
      Fires when checkRole(loggedUser) yields 'DENY' OR
      getBasicCustomerPolicyState(customerId, policyURN) yields 'DENY'. The decision
      is still an allow; the value selected by '$.email' in the 'user' event parameter
      is handed to the engine method 'delete', and logNotification is executed.
      NOTE(review): both PIP lookups declare default=''. Presumably that is the value
      used when the PIP cannot answer (confirm). '' equals none of the constants
      compared in this file, so in that case no mechanism here matches, and whether
      the email is then returned unredacted depends on the engine's decision for
      unmatched events, which this file does not show. If that decision is allow,
      a fail-closed default such as 'DENY' on these two lookups would keep the
      email hidden during a PIP outage.
   -->
   <preventiveMechanism>
      <event action='urn:action:banking-demo:get-bankuser'/>
      <condition>
         <!-- Either source returning 'DENY' is enough to trigger the redaction. -->
         <or>
            <function:equals>
               <pip:string method='urn:info:banking-demo:checkRole' default=''>
                  <param:long name='loggedUser'/>
               </pip:string>
               <constant:string value='DENY'/>
            </function:equals>
            <function:equals>
               <pip:string method='urn:info:banking-demo:getBasicCustomerPolicyState' default=''>
                  <param:long name='customerId'/>
                  <param:string name='policyURN' value='urn:policy:banking-demo:bankuser'/>
               </pip:string>
               <constant:string value='DENY'/>
            </function:equals>
         </or>
      </condition>
      <authorizationDecision>
         <allow>
            <modify>
               <!-- '$.email' looks like a JSONPath into the 'user' parameter; only that field is deleted. -->
               <param:event name='user' expression='$.email'>
                  <function:engine method='delete'/>
               </param:event>
            </modify>
         </allow>
         <!-- The message is a fixed string; any requester or customer context for the
              audit trail would have to be added by the action itself (not visible here). -->
         <executeAction name='urn:action:banking-demo:logNotification'>
            <param:string name='message' value='Email inhibited from user'/>
         </executeAction>
      </authorizationDecision>
   </preventiveMechanism>
   <!--
      Mechanism for get-bankuser that scrambles the email instead of removing it.
      Fires only when BOTH checkRole(loggedUser) and
      getBasicCustomerPolicyState(customerId, policyURN) yield 'MODIFY'. The decision
      is an allow with the '$.email' value of the 'user' parameter passed to the
      engine method 'anagram' with percentage=100. No executeAction is attached, so
      this path emits no log notification.
      NOTE(review): the operands are joined with 'and', whereas the 'DENY' comparison
      for the same event uses 'or'. A request where only one of the two lookups
      yields 'MODIFY' (and neither yields 'DENY') matches no get-bankuser mechanism
      in this file; confirm what the engine returns for that case.
      NOTE(review): presumably 'anagram' rearranges the characters of the value
      (confirm against the engine documentation). A rearrangement keeps the length
      and the character set of the address, so treat the result as obfuscation
      rather than anonymisation.
   -->
   <preventiveMechanism>
      <event action='urn:action:banking-demo:get-bankuser'/>
      <condition>
         <and>
            <function:equals>
               <pip:string method='urn:info:banking-demo:checkRole' default=''>
                  <param:long name='loggedUser'/>
               </pip:string>
               <constant:string value='MODIFY'/>
            </function:equals>
            <function:equals>
               <pip:string method='urn:info:banking-demo:getBasicCustomerPolicyState' default=''>
                  <param:long name='customerId'/>
                  <param:string name='policyURN' value='urn:policy:banking-demo:bankuser'/>
               </pip:string>
               <constant:string value='MODIFY'/>
            </function:equals>
         </and>
      </condition>
      <authorizationDecision>
         <allow>
            <modify>
               <param:event name='user' expression='$.email'>
                  <!-- percentage=100 presumably applies the scrambling to the whole value (confirm). -->
                  <function:engine method='anagram'>
                     <param:int name='percentage' value='100'/>
                  </function:engine>
               </param:event>
            </modify>
         </allow>
      </authorizationDecision>
   </preventiveMechanism>
   <!--
      Mechanism for the list event get-bankusers: a plain allow with no modifier,
      so nothing in the event is redacted on this path.
      Fires when checkRole(loggedUser) yields 'ALLOW' OR
      getCustomerPolicyState(customerId, policyURN) yields 'ALLOW'.
      NOTE(review): this block differs from the get-bankuser mechanisms in two
      ways that are worth confirming as intentional: it calls getCustomerPolicyState
      rather than getBasicCustomerPolicyState, and it passes policyURN
      'urn:policy:banking-demo:bankusers' while the enclosing policy id is
      'urn:policy:banking-demo:bankuser'. If the URN does not name a deployed policy,
      the lookup presumably falls back to default=''.
      NOTE(review): this file defines no 'DENY' or 'MODIFY' handling for
      get-bankusers. Whether a list request exposes email addresses in those states
      depends on the engine's decision for unmatched events or on other policies,
      neither of which is visible here.
   -->
   <preventiveMechanism>
      <event action='urn:action:banking-demo:get-bankusers'/>
      <condition>
         <!-- Either source returning 'ALLOW' is sufficient. -->
         <or>
            <function:equals>
               <pip:string method='urn:info:banking-demo:checkRole' default=''>
                  <param:long name='loggedUser'/>
               </pip:string>
               <constant:string value='ALLOW'/>
            </function:equals>
            <function:equals>
               <pip:string method='urn:info:banking-demo:getCustomerPolicyState' default=''>
                  <param:long name='customerId'/>
                  <param:string name='policyURN' value='urn:policy:banking-demo:bankusers'/>
               </pip:string>
               <constant:string value='ALLOW'/>
            </function:equals>
         </or>
      </condition>
      <authorizationDecision>
         <allow/>
      </authorizationDecision>
   </preventiveMechanism>
</policy>