add an example of nested maps and arrays

biscuit-auth/examples/testcases.rs

@@ -2163,6 +2163,8 @@ fn array_map(target: &str, root: &KeyPair, test: bool) -> TestResult {
         check if { "a": 1 , "b": 2, 1: "A" }.get(2) == null;
         check if { "a": 1 , "b": 2 }.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3 );
         check if { "a": 1 , "b": 2, 1: "A" }.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A" );
+        // nesting
+        check if { "user": { "id": 1, "roles": ["admin"] } }.get("user").get("roles").contains("admin");
     "#
     )
     .build_with_rng(&root, SymbolTable::default(), &mut rng)

biscuit-auth/samples/README.md

@@ -2873,7 +2873,7 @@ result: `Err(Execution(ShadowedVariable))`
 ### token
 
 authority:
-symbols: ["a", "b", "c", "p", "d", "A", "kv"]
+symbols: ["a", "b", "c", "p", "d", "A", "kv", "id", "roles"]
 
 public keys: []
 
@@ -2898,6 +2898,7 @@ check if {1: "A", "a": 1, "b": 2}.get("c") == null;
 check if {1: "A", "a": 1, "b": 2}.get(2) == null;
 check if {"a": 1, "b": 2}.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3);
 check if {1: "A", "a": 1, "b": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A");
+check if {"user": {"id": 1, "roles": ["admin"]}}.get("user").get("roles").contains("admin");
 ```
 
 ### validation
@@ -2908,7 +2909,7 @@ allow if true;
 ```
 
 revocation ids:
-- `724dd2068fa72d515cbc29894b81e8e64878b45f35755a52fd77bbf0bd2df3bc14b88033ee6b8255e3e79dc253947a6621d3ca7e6427e3f8f29888588b0a6907`
+- `7096e2ad9ad5dcae778cea1cee800ffc38017196e56aed693810d0933bcecc804a723768c3b494fa23d99be59ca3588bfa806e3fe2dac29d0ca9e452b69ead09`
 
 authorizer world:
 ```
@@ -2934,6 +2935,7 @@ World {
             "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\")",
             "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4",
             "check if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3)",
+            "check if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\")",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\")",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null",

biscuit-auth/samples/samples.json

@@ -2702,11 +2702,13 @@
             "p",
             "d",
             "A",
-            "kv"
+            "kv",
+            "id",
+            "roles"
           ],
           "public_keys": [],
           "external_key": null,
-          "code": "check if [1, 2, 1].length() == 3;\ncheck if [\"a\", \"b\"] != [1, 2, 3];\ncheck if [\"a\", \"b\"] == [\"a\", \"b\"];\ncheck if [\"a\", \"b\", \"c\"].contains(\"c\");\ncheck if [1, 2, 3].starts_with([1, 2]);\ncheck if [4, 5, 6].ends_with([6]);\ncheck if [1, 2, \"a\"].get(2) == \"a\";\ncheck if [1, 2].get(3) == null;\ncheck if [1, 2, 3].all($p -> $p > 0);\ncheck if [1, 2, 3].any($p -> $p > 2);\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4;\ncheck if {1: \"a\", 2: \"b\"} != {\"a\": 1, \"b\": 2};\ncheck if {1: \"a\", 2: \"b\"} == {1: \"a\", 2: \"b\"};\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\");\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(1) == \"A\";\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(2) == null;\ncheck if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3);\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\");\n"
+          "code": "check if [1, 2, 1].length() == 3;\ncheck if [\"a\", \"b\"] != [1, 2, 3];\ncheck if [\"a\", \"b\"] == [\"a\", \"b\"];\ncheck if [\"a\", \"b\", \"c\"].contains(\"c\");\ncheck if [1, 2, 3].starts_with([1, 2]);\ncheck if [4, 5, 6].ends_with([6]);\ncheck if [1, 2, \"a\"].get(2) == \"a\";\ncheck if [1, 2].get(3) == null;\ncheck if [1, 2, 3].all($p -> $p > 0);\ncheck if [1, 2, 3].any($p -> $p > 2);\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4;\ncheck if {1: \"a\", 2: \"b\"} != {\"a\": 1, \"b\": 2};\ncheck if {1: \"a\", 2: \"b\"} == {1: \"a\", 2: \"b\"};\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\");\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(1) == \"A\";\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(2) == null;\ncheck if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3);\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\");\ncheck if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\");\n"
         }
       ],
       "validations": {
@@ -2731,6 +2733,7 @@
                   "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\")",
                   "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4",
                   "check if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3)",
+                  "check if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\")",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\")",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null",
@@ -2750,7 +2753,7 @@
           },
           "authorizer_code": "allow if true;\n",
           "revocation_ids": [
-            "724dd2068fa72d515cbc29894b81e8e64878b45f35755a52fd77bbf0bd2df3bc14b88033ee6b8255e3e79dc253947a6621d3ca7e6427e3f8f29888588b0a6907"
+            "7096e2ad9ad5dcae778cea1cee800ffc38017196e56aed693810d0933bcecc804a723768c3b494fa23d99be59ca3588bfa806e3fe2dac29d0ca9e452b69ead09"
           ]
         }
       }