| author | mo khan <mo@mokhan.ca> | 2025-07-10 14:58:52 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-10 14:58:52 -0600 |
| commit | 5d7f37c6508c7308c17659630cff35f4ead6dae4 (patch) | |
| tree | 5597bde87a964d0a2625dc71f5a4015968498eef /etc | |
| parent | e92f15ef82339d4d9dc4a04f8dce2599b6ef10da (diff) | |
fix: allow authenticated+authorized users to create Sparkles
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/authzd/policy1.cedar | 12 | ||||
| -rw-r--r-- | etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json | 8 |
2 files changed, 14 insertions, 6 deletions
diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
index 2306aaae..15776ab7 100644
--- a/etc/authzd/policy1.cedar
+++ b/etc/authzd/policy1.cedar
@@ -16,3 +16,15 @@ when
 context.path == "/sparkles")) ||
 (context.method == "POST" && (context.path == "/sparkles/restore"))))
 };
+
+permit (
+ principal is User,
+ action == Action::"POST",
+ resource == Resource::"/sparkles"
+)
+when
+{
+ context has host &&
+ context.host == "sparkle.staging.runway.gitlab.net" &&
+ principal has username
+};
diff --git a/etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json b/etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json
index ef479736..72d50bce 100644
--- a/etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json
+++ b/etc/authzd/staging.gitlab.com/authorization/sparkle/team/entities.json
@@ -22,9 +22,7 @@
 "id": "1675940"
 },
 "attrs": {
- "username": "mokhax",
- "name": "mo khan",
- "access_level": 50
+ "username": "mokhax"
 },
 "parents": []
 },
@@ -34,9 +32,7 @@
 "id": "1676317"
 },
 "attrs": {
- "username": "jayswain",
- "name": "Jay Swain",
- "access_level": 30
+ "username": "jayswain"
 },
 "parents": []
 }, |
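Review bot: `principal has username` in the new `when` clause is a presence test rather than an authorization condition, so the policy permits POST on `/sparkles` for every `User` entity that carries a `username` attribute on the staging host. If the intent is that only principals present in the entity store pass, state that above the policy, e.g. `// Any User entity with a username attribute may create Sparkles on staging; principals missing from the entity store have no attributes and are denied.` If a narrower set is meant, the last condition should be a membership test such as `principal in <GROUP_ENTITY_PLACEHOLDER>`. The new policy matches on `action` and `resource`, while the context lines at the top of the hunk match on `context.method` and `context.path`, so it presumably relies on the caller populating both representations consistently; a test with a request that sets only one of them would confirm the deny path.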
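Review bot: Dropping `access_level` and `name` from entity `1675940` in this hunk, and from `1676317` in the following one, leaves `username` as the only attribute policies can read for these principals. Any policy outside this view that still reads `principal.access_level` without a `principal has access_level` guard would raise an evaluation error, and Cedar ignores policies that error, which would silently disable a `forbid` rule as well as a `permit`. The policy files should be searched for `access_level` and `name` before merging, and a test added for whichever rule depended on them. Both hunks start and end inside the enclosing JSON objects, so the entity type is not visible here.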
