authormo khan <mo@mokhan.ca>2025-04-02 18:44:34 -0600
committermo khan <mo@mokhan.ca>2025-04-02 18:44:34 -0600
commit064d14bfb1be7a3ed758eae2200eb73c5250e5fa (patch)
tree80e7026bcb6e79a19197145a32a5275a8344b949 /pkg
parent96f7120703a46bcd26bf0bf140d7127adc1ade4a (diff)
refactor: switch from casbin to cedar
Diffstat (limited to 'pkg')
-rw-r--r--pkg/app/app.go2
-rw-r--r--pkg/policies/organization.cedar2
-rw-r--r--pkg/rpc/server_test.go8
3 files changed, 6 insertions, 6 deletions
diff --git a/pkg/app/app.go b/pkg/app/app.go
index a8dedc10..22fedcb7 100644
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@@ -7,7 +7,7 @@ import (
)
func Start(bindAddr string) error {
- mux := authz.HTTP(authz.WithCasbin(), Routes())
+ mux := authz.HTTP(authz.WithCedar(), Routes())
return srv.Run(cfg.New(
bindAddr,
cfg.WithMux(mux),
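Review bot: `authz.WithCedar()` on the new `mux :=` line takes no arguments and returns no error, so a failure to load or parse the Cedar policy files has no visible path into `Start`'s error return. Its implementation is not part of this diff, so please confirm that it aborts startup on a bad policy set and that the middleware denies a request when evaluation itself errors. A comment above the line would record that contract, for example `// WithCedar must fail closed: a policy load or evaluation error denies the request.` The body of `Start` continues past the end of the hunk.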
diff --git a/pkg/policies/organization.cedar b/pkg/policies/organization.cedar
index 8ac143c1..a853f4e4 100644
--- a/pkg/policies/organization.cedar
+++ b/pkg/policies/organization.cedar
@@ -1,5 +1,5 @@
permit (
principal == User::"1",
action == Permission::"read",
- resource in Organization::"2"
+ resource == Organization::"2"
);
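Review bot: Replacing `resource in Organization::"2"` with `resource == Organization::"2"` changes who is authorized, which the commit title "refactor" does not convey. `in` matches the organization and every entity beneath it in the hierarchy, while `==` matches only the organization entity itself, so any resource that was permitted through parentage is now denied. If the narrowing is intended, say so in the policy with a comment such as `// Exact match only: resources contained in Organization::"2" are not covered.` If it was done because the request carries no entity hierarchy, that limitation deserves its own note, since later `in` policies would silently match less than their authors expect.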
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index 66a177d5..da60f86a 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -43,9 +43,9 @@ func TestServer(t *testing.T) {
t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/alice",
+ Subject: "gid://example/User/alice",
Permission: "view",
- Resource: "gid://Album/jane_vacation",
+ Resource: "gid://example/Album/jane_vacation",
})
require.NoError(t, err)
assert.True(t, reply.Result)
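Review bot: Both subtests touched in this file (this hunk and the one at `-53,9`) assert only `assert.True(t, reply.Result)`, so the engine swap is checked for allows and never for denies, at least in the lines shown. An authorization backend that permitted everything would still pass these two cases. Unless `TestServer` already has one outside the hunks, add a subtest that expects `assert.False(t, reply.Result)`, for example the same subject with a resource such as `gid://example/Organization/3`, which the policy in this commit does not name. `TestServer` starts and ends outside the hunk.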
@@ -53,9 +53,9 @@ func TestServer(t *testing.T) {
t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/1",
+ Subject: "gid://example/User/1",
Permission: "read",
- Resource: "gid://Organization/2",
+ Resource: "gid://example/Organization/2",
})
require.NoError(t, err)
assert.True(t, reply.Result)
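Review bot: The subtest name `"allows gid://User/1 read gid://Organization/2"` still uses the old identifier form while the request now sends `gid://example/User/1` and `gid://example/Organization/2`; rename it to match so a failure report names the IDs actually sent. The code that maps these GIDs to the Cedar entities `User::"1"` and `Organization::"2"` is not visible in this diff. If it discards the `example` authority segment, a GID from a different namespace would resolve to the same principal. A subtest that sends a subject with another authority and expects `reply.Result` to be false would pin that behaviour.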