authormo khan <mo@mokhan.ca>2025-03-05 17:49:59 -0700
committermo khan <mo@mokhan.ca>2025-03-05 17:49:59 -0700
commite31ddc33417517fb754cbd7e13f8a13746bede02 (patch)
treec60f1ceb3246e2acdb733af7f07a56f6ea7a8ea9
parent44ad2cca852adc6a344f4b357ff7727bb72c3a6c (diff)
feat: add declarative policy
-rwxr-xr-xbin/rpc18
1 files changed, 17 insertions, 1 deletions
diff --git a/bin/rpc b/bin/rpc
index fe9a0dcc..aa154c8e 100755
--- a/bin/rpc
+++ b/bin/rpc
@@ -5,6 +5,7 @@ require "bundler/inline"
gemfile do
source "https://rubygems.org"
+ gem "declarative_policy", "~> 1.0"
gem "grpc", "~> 1.0"
gem "grpc-tools", "~> 1.0"
gem "logger", "~> 1.0"
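Review bot: The added `gem "declarative_policy", "~> 1.0"` line is resolved through `bundler/inline`, and no lockfile is visible in this hunk, so the library that makes the authorization decision is whichever 1.x release rubygems.org serves when the script starts. For a component that will answer allow/deny, an exact, reviewed version is the safer pin, e.g. `gem "declarative_policy", "= <REVIEWED_VERSION>"` (placeholder, not a real version). The same applies to the neighbouring `grpc` entries, which already use the range form. The `gemfile do` block closes outside the hunk.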
@@ -15,12 +16,27 @@ $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
require 'ability_services_pb'
+class ProjectPolicy < DeclarativePolicy::Base
+ condition(:owner) { @subject.owner?(@user) }
+
+ rule { owner }.enable :create_project
+end
+
class AbilityHandler < ::Ability::Service
def allowed(request, _call)
puts [request, _call].inspect
- # TODO:: entrypoint to declarative policies
GRPC.logger.info([request, _call].inspect)
+
AllowReply.new(result: true)
+ # TODO:: entrypoint to declarative policies
+ # AllowReply.new(result: policy_for(request).can?(request.permission))
+ end
+
+ private
+
+ def policy_for(request)
+ # TODO:: convert subject in form of GlobalID to Resource Type
+ DeclarativePolicy.policy_for(request.subject, request.resource)
end
end
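Review bot: `allowed` still ends on `AllowReply.new(result: true)`, and the policy call is only a comment after it, so `ProjectPolicy` and `policy_for` are never consulted and every request is granted. Until the policy is wired in, a default deny is the safer placeholder: `AllowReply.new(result: false)`. When the commented line is enabled, any error from the lookup should also deny rather than propagate, for instance a method-level `rescue StandardError` returning `AllowReply.new(result: false)`. This matters because the TODO in `policy_for` suggests `request.resource` is still a GlobalID string rather than a resource object, so `@subject.owner?(@user)` would presumably not work on it yet. It is also worth confirming that `request.permission` arrives in the form `can?` expects (the rule uses the symbol `:create_project`), mapped through a fixed allow-list rather than calling `to_sym` on request data.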