Axiomatics - condition editor

Question

I have a subject like "accessTo" = ["123", "123-edit"] and a resource like "interestedId" = "123"

Now I'm trying to write a condition - where it checks "interestedId" concatenated with "-edit" equals "123-edit" in "AccessTo".

Im trying to write rule like this

anyOfAny_xacml1(function[stringEqual], "accessTo", "interestedId"+"-edit") 

It is not allowing to do this.

Any help is appreciated.

Answer 1

Since Axiomatics products are compliant with XACML specification, all attributes by default are assumed to contain multiple values(called as 'bags').

So if you would like to append a string to an attribute use stringOneAndOnly XACML function for the attribute to indicate that the attribute can have only one value.

So assuming you mean accessTo has attribute ID as Attributes.access_subject.subject_id, interestedId has the attribute ID as Attributes.resource.resource_id and anyOfAny_xacml1 is equivalent to anyOfAny XACML function, the resulting condition would look like,

anyOfAny(function[stringEqual], Attributes.access_subject.subject_id, stringOneAndOnly(Attributes.resource.resource_id) + "-edit")

Answer 2

In addition to the answer from Keerthi S ...

If you know there should only be one value of interestedId then you can do this to prevent the indeterminate from happening:

stringBagSize(interestedId) == 1 && anyOfAny(function[stringEqual], accessTo, stringOneAndOnly(interestedId) + "-edit")

If more than value is present then evaluation stops prior to reaching the function that expects only one value. This condition would return false if more than one value is present.

On the other hand if interestedId can have multiple values then this would work:

anyOfAny(function[stringEqual], accessTo, map(function[stringConcatenate],interestedId, "-edit"))

The map function will apply the stringConcatenate function to all values in the bag.