Skip to content

Add policy CRUD endpoints with validation #45

Description

@Lakes41

Difficulty: Hard

Type: Feature

Summary

Add API endpoints for creating, updating, listing, and archiving access policies. This allows admin tools to manage policies without editing seed data or database records manually.

Current Behaviour

Policies are evaluated by the policy engine, but there is no complete admin API for policy management.

Expected Behaviour

Authorised admins should be able to manage policies through validated endpoints that enforce community and resource scoping.

Suggested Implementation

Create a policy service and route group under apps/access-api. Validate rule type, policy parameters, resource ID, community ID, and archived state. Update shared types and sdk-lite methods for client access.

Files or Areas Likely Affected

  • apps/access-api/src/routes.ts
  • apps/access-api/src/services/policyService.ts
  • apps/access-api/prisma/schema.prisma
  • packages/policy-engine/src/index.ts
  • packages/shared-types/src/index.ts
  • packages/sdk-lite/src/index.ts

Acceptance Criteria

  • Admins can list policies for a community
  • Admins can create a policy for a registered resource
  • Admins can update supported policy fields
  • Admins can archive a policy without deleting history
  • Invalid rule parameters are rejected before persistence
  • Tests cover valid policies, invalid policies, archive behaviour, and unauthorised access

Additional Notes

This should build on the structured policy model rather than replacing it.

Metadata

Metadata

Assignees

Labels

GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official Campaign

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions