authormo khan <mo@mokhan.ca>2025-07-04 18:15:44 -0600
committermo khan <mo@mokhan.ca>2025-07-04 18:15:44 -0600
commit7f045aced7b556f46911aafb0a23764577d84e82 (patch)
tree884f20e19984327cbb0f825f8cd7c405074207e5
parentc6dd31046b369e6ac44ee85f6206a4384f9dd148 (diff)
refactor: extract method to parse permission
-rw-r--r--src/authorization/cedar_authorizer.rs18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 1780eddd..6f5b8e63 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -126,11 +126,7 @@ impl CedarAuthorizer {
http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<CedarRequest, Box<dyn std::error::Error>> {
let principal = self.principal_from(&http_request)?;
-
- // Create action entity
- let action_id = EntityId::from_str("check")?;
- let action_type = EntityTypeName::from_str("Action")?;
- let action = EntityUid::from_type_name_and_id(action_type, action_id);
+ let permission = self.permission_from(&http_request)?;
// Create resource entity
let resource_id = EntityId::from_str("resource")?;
@@ -138,7 +134,7 @@ impl CedarAuthorizer {
let resource = EntityUid::from_type_name_and_id(resource_type, resource_id);
let context = self.context_from(http_request);
- CedarRequest::new(principal, action, resource, context?, None)
+ CedarRequest::new(principal, permission, resource, context?, None)
.map_err(|e| Box::new(e) as Box<dyn std::error::Error>)
}
@@ -152,6 +148,16 @@ impl CedarAuthorizer {
Ok(principal)
}
+ fn permission_from(
+ &self,
+ _http_request: &envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
+ ) -> Result<cedar_policy::EntityUid, Box<dyn std::error::Error>> {
+ let action_id = EntityId::from_str("check")?;
+ let action_type = EntityTypeName::from_str("Action")?;
+ let action = EntityUid::from_type_name_and_id(action_type, action_id);
+ Ok(action)
+ }
+
fn context_from(
&self,
http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
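Review bot: `permission_from` takes the request as `_http_request` and never reads it, so every request is still authorized as the single action `Action::"check"`. The first hunk also keeps the resource id fixed at `resource`, so any per-method or per-path distinction in policy has to come from the principal or from whatever `context_from` supplies. This matches the removed inline code, so behaviour is unchanged, but the new name and signature suggest the action is derived from the request. I would add a doc comment that states the limitation, e.g. `/// Returns the fixed Action::"check" entity; the request is not consulted yet, so policies cannot distinguish HTTP methods by action.` The return type is also written `cedar_policy::EntityUid` while the body uses the bare `EntityUid`; one spelling throughout would read better.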