demo set

set "demo set"
first or abstain errors propagate

policy "Change Resource Example"
permit
    action.http.contextPath == "/changedstring";
obligation
	{
		"type" 		: "logAccess",
		"message"	: ("User " + subject.name + " has accessed: " + action.http.requestedURI)
	}
transform "***" + resource + "***"

policy "Time based obligation and deny (1/3)"
permit
    action.http.contextPath == "/enforcetilldeny" |
    action.http.contextPath == "/enforcedropwhiledeny" |
    action.http.contextPath == "/enforcerecoverableifdeny";
    time.secondOf(<time.now>) < 20;
obligation
	{
		"type" 		: "logAccess",
		"message"	: "Time < 20"
	}

policy "Time based obligation and deny (2/3)"
permit
    action.http.contextPath == "/enforcetilldeny" |
    action.http.contextPath == "/enforcedropwhiledeny" |
    action.http.contextPath == "/enforcerecoverableifdeny";
    time.secondOf(<time.now>) < 40;
obligation
	{
		"type" 		: "logAccess",
		"message"	: "Time < 40"
	}

policy "Time based obligation and deny (3/3)"
deny
    action.http.contextPath == "/enforcetilldeny" |
    action.http.contextPath == "/enforcedropwhiledeny" |
    action.http.contextPath == "/enforcerecoverableifdeny";
    time.secondOf(<time.now>) < 60;
obligation
	{
		"type" 		: "logAccess",
		"message"	: "DENY ! Time < 60"
	}

policy "Permit Numbers"
permit
    action.http.contextPath == "/numbers";
obligation
	{
		"type"		: "sendEmail",
		"recipient"	: "Adam Admin <admin@example.com>",
		"subject"	: "Data was accessed.",
		"message"	: ("Administrator " + subject.name + " has accessed: " + action.http.requestedURI)
	}
advice
	{
		"type" 		: "logAccess",
		"message"	: ("User " + subject.name + " has accessed: " + action.http.requestedURI)
	}