| author | mo khan <mo@mokhan.ca> | 2025-07-14 15:16:46 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-14 15:16:46 -0600 |
| commit | 56276ca9000d0ada5c6412fcb6437024ae6358d7 (patch) | |
| tree | f322e6785f63bcb290c4ff4977ba32b62e9b64c4 | |
| parent | ca96ce12f88b476c37cab853b62c0d603f073ec3 (diff) | |
feat: allow access to sparkle in development
| -rw-r--r-- | etc/authzd/policy1.cedar | 11 | ||||
| -rw-r--r-- | tests/authorization/cedar_authorizer_test.rs | 18 |
2 files changed, 29 insertions, 0 deletions
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
index 15776ab7..6fe51b16 100644
--- a/etc/authzd/policy1.cedar
+++ b/etc/authzd/policy1.cedar
@@ -28,3 +28,14 @@ when
 context.host == "sparkle.staging.runway.gitlab.net" &&
 principal has username
 };
+
+permit (
+ principal == User::"1",
+ action == Action::"GET",
+ resource == Resource::"/dashboard"
+)
+when
+{
+ context has host &&
+ context.host == "localhost:10000"
+};
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 7a99a7d9..58563832 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -128,4 +128,22 @@ mod tests {
 let authorizer = subject();
 assert_eq!(authorizer.authorize(request), true);
 }
+
+ #[test]
+ fn test_sparkle_dashboard() {
+ let request = build_request(|item: &mut HttpRequest| {
+ item.method = "GET".to_string();
+ item.path = "/dashboard".to_string();
+ item.host = "localhost:10000".to_string();
+ item.headers = build_headers(vec![
+ (String::from("x-jwt-claim-sub"), "1".to_string()),
+ (String::from(":path"), item.path.to_string()),
+ (String::from(":method"), item.method.to_string()),
+ (String::from(":authority"), item.host.to_string()),
+ ]);
+ });
+
+ let authorizer = subject();
+ assert_eq!(authorizer.authorize(request), true);
+ }
 }
|
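Review bot: The new permit is gated only on `context.host == "localhost:10000"`, and it sits in the same `policy1.cedar` as the `sparkle.staging.runway.gitlab.net` rule, so nothing in the policy itself limits it to development. In the accompanying test the host comes from the request's `:authority` value and the principal from `x-jwt-claim-sub`, which suggests both are request-supplied unless a trusted proxy sets them. If staging or production authzd also loads this file, the rule is live there too. Consider moving development rules into a separate policy file that only the development configuration loads, or at least adding `// development only: must not be loaded outside a local environment` above `permit (`. The hard-coded `User::"1"` deserves a comment too, since it matches whichever account holds that id in any environment.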
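Review bot: `test_sparkle_dashboard` covers only the allow path, so it would still pass if the new policy were broader than intended. A companion test that keeps the same request but changes `item.host` (or the `x-jwt-claim-sub` value) and expects `false` would pin the host and principal conditions, assuming no other policy in the file permits that request. As a style point, `assert_eq!(authorizer.authorize(request), true);` reads more directly as `assert!(authorizer.authorize(request));`, though the existing test in the context lines uses the same form. The enclosing `mod tests` starts outside the hunk.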
