==================
IP-based access example
==================

model
	schema 1.1

type user

type organization
relations
  define member : [user]
  define ip_based_access_policy : [organization#member with in_company_network]

type document
relations
  define organization : [organization]      
  define viewer: [user]
  define can_view: viewer and ip_based_access_policy from organization

condition in_company_network(user_ip: ipaddress, cidr: string) {
  user_ip.in_cidr(cidr)
}

---

(source_file
  (model
    (schema
      (version)))
  (type_declaration
    (identifier))
  (type_declaration
    (identifier)
    (relations
      (definition
        (identifier)
        (relation_def
          (direct_relationship
            (identifier))))
      (definition
        (identifier)
        (relation_def
          (direct_relationship
            (relation_ref
              (identifier)
              (identifier))
            (conditional
              (identifier)))))))
  (type_declaration
    (identifier)
    (relations
      (definition
        (identifier)
        (relation_def
          (direct_relationship
            (identifier))))
      (definition
        (identifier)
        (relation_def
          (direct_relationship
            (identifier))))
      (definition
        (identifier)
        (relation_def
          (identifier)
          (operator)
          (indirect_relation
            (identifier)
            (identifier))))))
  (condition_declaration
    (identifier)
    (param
      (identifier)
      (type_identifier))
    (param
      (identifier)
      (type_identifier))
    (condition_body
      (call_expression
        (selector_expression
          (identifier)
          (identifier))
        (argument_list
          (identifier))))))
