- add field AllowedRuleSet to SaveChangesRules

- change field `Action` field of `SaveChangesRules` to `Actions`

Author: Guido Zoli

CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- add field `AllowedRuleSet` to `SaveChangesRules` 
+- change field `Action` field of `SaveChangesRules` to `Actions`
+
 ## [v0.18.0] - 2025-06-03
 
 ### Changed

internal/cmd/company/rules/client_test.go

@@ -38,14 +38,21 @@ func TestClientListTenantRules(t *testing.T) {
 				"roleIds": ["maintainer"],
 				"disallowedRuleSet": [
 					{"jsonPath": "$.services.*.description"},
-					{"jsonPath": "$.services", "processingOptions": {"action": "create"}}
+					{"jsonPath": "$.services", "processingOptions": {"actions": ["create"]}}
 				]
 			},
 			{
 				"roleIds": ["developer"],
 				"disallowedRuleSet": [
 					{"ruleId": "endpoint.security.edit"}
 				]
+			},
+			{
+				"roleIds": ["some-role"],
+				"allowedRuleSet": [
+          { "jsonPath": "$.endpoints.*.public" },
+        	{ "jsonPath": "$.secrets", "processingOptions": { "actions": ["create"], "primaryKey": "clientType" }}
+				]
 			}
 		]
 	}
@@ -101,7 +108,7 @@ func TestClientListTenantRules(t *testing.T) {
 						RoleIDs: []string{"maintainer"},
 						DisallowedRuleSet: []rulesentities.RuleSet{
 							{JSONPath: "$.services.*.description"},
-							{JSONPath: "$.services", Options: &rulesentities.RuleOptions{Action: "create"}},
+							{JSONPath: "$.services", Options: &rulesentities.RuleOptions{Actions: []string{"create"}}},
 						},
 					},
 					{
@@ -110,6 +117,13 @@ func TestClientListTenantRules(t *testing.T) {
 							{RuleID: "endpoint.security.edit"},
 						},
 					},
+					{
+						RoleIDs: []string{"some-role"},
+						AllowedRuleSet: []rulesentities.RuleSet{
+							{JSONPath: "$.endpoints.*.public"},
+							{JSONPath: "$.secrets", Options: &rulesentities.RuleOptions{Actions: []string{"create"}, PrimaryKey: "clientType"}},
+						},
+					},
 				}, data)
 			}
 		})
@@ -126,7 +140,7 @@ func TestClientListProjectRules(t *testing.T) {
 				"roleIds": ["maintainer"],
 				"disallowedRuleSet": [
 					{"jsonPath": "$.services.*.description"},
-					{"jsonPath": "$.services", "processingOptions": {"action": "create"}}
+					{"jsonPath": "$.services", "processingOptions": {"actions":[ "create"]}}
 				]
 			},
 			{
@@ -135,6 +149,13 @@ func TestClientListProjectRules(t *testing.T) {
 					{"ruleId": "endpoint.security.edit"}
 				],
 				"isInheritedFromTenant": true
+			},
+			{
+				"roleIds": ["some-role"],
+				"allowedRuleSet": [
+          { "jsonPath": "$.endpoints.*.public" },
+        	{ "jsonPath": "$.secrets", "processingOptions": { "actions": ["create"], "primaryKey": "clientType" }}
+				]
 			}
 		]
 	}
@@ -190,7 +211,7 @@ func TestClientListProjectRules(t *testing.T) {
 						RoleIDs: []string{"maintainer"},
 						DisallowedRuleSet: []rulesentities.RuleSet{
 							{JSONPath: "$.services.*.description"},
-							{JSONPath: "$.services", Options: &rulesentities.RuleOptions{Action: "create"}},
+							{JSONPath: "$.services", Options: &rulesentities.RuleOptions{Actions: []string{"create"}}},
 						},
 					},
 					{
@@ -200,6 +221,13 @@ func TestClientListProjectRules(t *testing.T) {
 						},
 						IsInheritedFromTenant: true,
 					},
+					{
+						RoleIDs: []string{"some-role"},
+						AllowedRuleSet: []rulesentities.RuleSet{
+							{JSONPath: "$.endpoints.*.public"},
+							{JSONPath: "$.secrets", Options: &rulesentities.RuleOptions{Actions: []string{"create"}, PrimaryKey: "clientType"}},
+						},
+					},
 				}, data)
 			}
 		})

internal/resources/rules/rules.go

@@ -18,11 +18,13 @@ package rules
 type SaveChangesRules struct {
 	RoleIDs           []string  `yaml:"roleIds,omitempty" json:"roleIds,omitempty"` //nolint:tagliatelle
 	DisallowedRuleSet []RuleSet `yaml:"disallowedRuleSet,omitempty" json:"disallowedRuleSet,omitempty"`
+	AllowedRuleSet    []RuleSet `yaml:"allowedRuleSet,omitempty" json:"allowedRuleSet,omitempty"`
 }
 
 type ProjectSaveChangesRules struct {
 	RoleIDs               []string  `yaml:"roleIds,omitempty" json:"roleIds,omitempty"` //nolint:tagliatelle
 	DisallowedRuleSet     []RuleSet `yaml:"disallowedRuleSet,omitempty" json:"disallowedRuleSet,omitempty"`
+	AllowedRuleSet        []RuleSet `yaml:"allowedRuleSet,omitempty" json:"allowedRuleSet,omitempty"`
 	IsInheritedFromTenant bool      `yaml:"isInheritedFromTenant,omitempty" json:"isInheritedFromTenant,omitempty"`
 }
 
@@ -33,6 +35,6 @@ type RuleSet struct {
 }
 
 type RuleOptions struct {
-	Action     string `yaml:"action,omitempty" json:"action,omitempty"`
-	PrimaryKey string `yaml:"primaryKey,omitempty" json:"primaryKey,omitempty"`
+	Actions    []string `yaml:"actions,omitempty" json:"actions,omitempty"`
+	PrimaryKey string   `yaml:"primaryKey,omitempty" json:"primaryKey,omitempty"`
 }