authormo khan <mo@mokhan.ca>2025-05-02 16:05:53 -0600
committermo khan <mo@mokhan.ca>2025-05-02 16:05:53 -0600
commita3d5ee1225e2ce0b6cf3b90525a6876ca8f5ef8c (patch)
tree429faf79855a2614b4c18bb286f94f474caf7e5c /app/services/ability.go
parent649b71d7fd2d6768460a37ed0d9e6ce7a1202a4f (diff)
refactor: connect logging to http requests
Diffstat (limited to 'app/services/ability.go')
-rw-r--r--app/services/ability.go27
1 files changed, 27 insertions, 0 deletions
diff --git a/app/services/ability.go b/app/services/ability.go
new file mode 100644
index 00000000..871a9a9b
--- /dev/null
+++ b/app/services/ability.go
@@ -0,0 +1,27 @@
+package services
+
+import (
+ context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/rpc"
+)
+
+type AbilityService struct {
+}
+
+func NewAbilityService() *AbilityService {
+ return &AbilityService{}
+}
+
+func (h *AbilityService) Allowed(ctx context.Context, req *rpc.AllowRequest) (*rpc.AllowReply, error) {
+ ok := policies.Allowed(cedar.Request{
+ Principal: gid.NewEntityUID(req.Subject),
+ Action: cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
+ Resource: gid.NewEntityUID(req.Resource),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &rpc.AllowReply{Result: ok}, nil
+}
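Review bot: `Allowed` builds the Cedar request directly from `req.Subject`, `req.Permission` and `req.Resource` with no validation, so an empty or malformed identifier is evaluated rather than rejected. How `gid.NewEntityUID` treats an unparsable string is not visible in this hunk, so whether that case denies depends on the policy set; an explicit fail-closed guard at the top would remove the doubt, e.g. `if req == nil || req.Subject == "" || req.Permission == "" || req.Resource == "" { return &rpc.AllowReply{Result: false}, nil }`. `ctx` is also never read and the method always returns a nil error, so the decision is neither cancellable nor recorded. Since this is the authorization decision point, consider logging subject, permission, resource and result through whatever request-scoped logger `ctx` carries (assuming this commit makes one available there). The exported `AbilityService`, `NewAbilityService` and `Allowed` would each benefit from a doc comment stating that a `false` result means deny.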