From 1a944f44012989d625c499256bb71b4cb6236a64 Mon Sep 17 00:00:00 2001 From: Ahoo Wang Date: Mon, 2 Jan 2023 15:04:31 +0800 Subject: [PATCH] add `Policy Schema` to README.md --- README.md | 97 +++++++++++++++++++++++ codecov.yml | 2 +- cosec-core/src/test/resources/policy.json | 34 +++++++- 3 files changed, 130 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75db6a51..abdaa98c 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,103 @@ RBAC-based And Policy-based Multi-Tenant Reactive Security Framework. ![Gateway](document/design/assets/Gateway.svg) +## Policy Schema + +[Policy Schema](document/cosec-policy.schema.json) + +```json +{ + "id": "2", + "name": "auth", + "category": "auth", + "description": "", + "type": "global", + "tenantId": "1", + "statements": [ + { + "effect": "allow", + "actions": [ + { + "type": "all" + }, + { + "type": "none" + }, + { + "type": "path", + "methods": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "pattern": "/user/{userId}/*" + } + ], + "conditions": [ + { + "type": "authenticated" + }, + { + "type": "in", + "part": "context.principal.id", + "in": [ + "userId" + ] + } + ] + }, + { + "effect": "deny", + "actions": [ + { + "type": "all", + "methods": [ + "GET" + ] + }, + { + "type": "none" + }, + { + "type": "path", + "pattern": ".*" + }, + { + "type": "path", + "pattern": "#{principal.id}.*" + }, + { + "type": "reg", + "pattern": ".*" + }, + { + "type": "reg", + "pattern": "#{principal.id}.*" + } + ], + "conditions": [ + { + "type": "all" + }, + { + "type": "none" + }, + { + "type": "spel", + "pattern": "context.principal.id=='1'" + }, + { + "type": "ognl", + "pattern": "path == \"auth/login\"" + } + ] + } + ] +} + +``` + ## Thanks CoSec permission policy design refers to [AWS IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) . diff --git a/codecov.yml b/codecov.yml index c41abd9d..9a246b2c 100644 --- a/codecov.yml +++ b/codecov.yml 
@@ -9,7 +9,7 @@ coverage: threshold: 1% project: default: - target: 60% + target: 80% threshold: 1% ignore: - "document/.*" diff --git a/cosec-core/src/test/resources/policy.json b/cosec-core/src/test/resources/policy.json index 39ce3e42..28f84e19 100644 --- a/cosec-core/src/test/resources/policy.json +++ b/cosec-core/src/test/resources/policy.json @@ -3,11 +3,41 @@ "name": "auth", "category": "auth", "description": "", - "type": "system", + "type": "global", "tenantId": "1", "statements": [ { - "effect": "allow" + "effect": "allow", + "actions": [ + { + "type": "all" + }, + { + "type": "none" + }, + { + "type": "path", + "methods": [ + "GET", + "POST", + "PUT", + "DELETE" + ], + "pattern": "/user/{userId}/*" + } + ], + "conditions": [ + { + "type": "authenticated" + }, + { + "type": "in", + "part": "context.principal.id", + "in": [ + "userId" + ] + } + ] }, { "effect": "deny",
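Review bot: The `in` condition added to the allow statement accepts only the literal `"userId"` for `context.principal.id`, so as written it matches a principal whose id is the string `userId`, not the `{userId}` variable of the neighbouring path action `/user/{userId}/*`; if the intent is to bind the path variable to the principal, the fixture should use whatever reference syntax the `in` condition supports, and if it is purely a deserialization fixture a less suggestive literal such as `"1"` avoids the misreading. Presumably the `all` action in the same allow statement already matches every request, in which case the `path` action and both conditions do not narrow the grant — fine for a parsing fixture, but the README now presents the identical document as the reference example, so a short sentence there saying the example exercises every action and condition type rather than a realistic policy would help readers. Because this hunk makes the fixture mirror the README example, a test that validates `policy.json` against `document/cosec-policy.schema.json` (or a `"$schema"` entry, if the policy deserializer tolerates unknown properties) would catch the two drifting apart. The policy object itself opens before the hunk.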