package users
import future.keywords.in

default allow = false
allow {
    input.auth.privilege == "admin"
}

allow {
    input.scope == "list"
}

allow {
    input.scope in { "update", "delete", "view" }
    input.resource.id == input.auth.user.id
}