| -rwxr-xr-x | bin/idp | 9 | ||||
| -rw-r--r-- | pkg/app/app.go | 2 | ||||
| -rw-r--r-- | pkg/policies/organization.cedar | 2 | ||||
| -rw-r--r-- | pkg/rpc/server_test.go | 8 | ||||
| -rw-r--r-- | test/e2e_test.go | 2 |
5 files changed, 15 insertions, 8 deletions
@@ -167,7 +167,14 @@ module Authn
 end
 def to_global_id
- ::GlobalID.create(self, app: "example").to_s
+ ::GlobalID.new(
+ ::URI::GID.build(
+ app: "example",
+ model_name: "User",
+ model_id: id,
+ params: {}
+ )
+ ).to_s
 end
 end
diff --git a/pkg/app/app.go b/pkg/app/app.go
index a8dedc10..22fedcb7 100644
--- a/pkg/app/app.go
+++ b/pkg/app/app.go
@@ -7,7 +7,7 @@ import (
 )
 func Start(bindAddr string) error {
- mux := authz.HTTP(authz.WithCasbin(), Routes())
+ mux := authz.HTTP(authz.WithCedar(), Routes())
 return srv.Run(cfg.New(
 bindAddr,
 cfg.WithMux(mux),
diff --git a/pkg/policies/organization.cedar b/pkg/policies/organization.cedar
index 8ac143c1..a853f4e4 100644
--- a/pkg/policies/organization.cedar
+++ b/pkg/policies/organization.cedar
@@ -1,5 +1,5 @@
 permit (
 principal == User::"1",
 action == Permission::"read",
- resource in Organization::"2"
+ resource == Organization::"2"
 );
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index 66a177d5..da60f86a 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -43,9 +43,9 @@ func TestServer(t *testing.T) {
 t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
 reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/alice",
+ Subject: "gid://example/User/alice",
 Permission: "view",
- Resource: "gid://Album/jane_vacation",
+ Resource: "gid://example/Album/jane_vacation",
 })
 require.NoError(t, err)
 assert.True(t, reply.Result)
@@ -53,9 +53,9 @@ func TestServer(t *testing.T) {
 t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
 reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/1",
+ Subject: "gid://example/User/1",
 Permission: "read",
- Resource: "gid://Organization/2",
+ Resource: "gid://example/Organization/2",
 })
 require.NoError(t, err)
 assert.True(t, reply.Result)
diff --git a/test/e2e_test.go b/test/e2e_test.go
index d51dece8..a36049e3 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
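Review bot: `model_name: "User"` is now a hard-coded literal in `to_global_id`, so the identifier no longer reflects the class of `self` the way `GlobalID.create(self, …)` did; if this `Authn` module is ever mixed into a class other than the user model, it would mint GIDs that the authorization side treats as `User` principals, which is an identity-confusion risk. Deriving the short type name from the receiver keeps the intended `User` segment while staying tied to the object: `model_name: self.class.name.split("::").last,` (or `.demodulize`, if ActiveSupport is loaded — GlobalID already depends on it). `app: "example"` is repeated here and as a literal in the e2e expectation; a shared constant next to whatever parses these GIDs on the authz side would keep the two from drifting apart. The enclosing `module Authn` and the definition closed by the trailing `end` extend outside the hunk.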
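Review bot: Switching `in` to `==` narrows this permit to the `Organization::"2"` entity itself; any resource that used to be covered through entity-hierarchy membership (a child resource whose parent is that organization) now falls through to Cedar's default deny unless another policy grants it, and `server_test.go` only exercises the organization entity, so a regression of that kind would go unnoticed. A one-line policy comment would record that the narrowing is intentional: `// Grants read on the organization entity only; child resources need their own permits.` Adding an `@id("user1-read-org2")` annotation above `permit` would also let authorization decisions be traced back to this policy in logs.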
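Review bot: Both subtests only assert that `reply.Result` is true, so an authorizer that ignored the new `example` app segment — or that failed open — would still pass; a negative case pinning the deny path is what makes the GID format change observable, and with Cedar's default deny a principal no policy mentions is the natural candidate (assuming no other policy file grants it). The second subtest's name `"allows gid://User/1 read gid://Organization/2"` still uses the old format and should become `"allows gid://example/User/1 read gid://example/Organization/2"`. `TestServer` begins before and continues after the hunk.

```go
	t.Run("denies gid://example/User/2 read gid://example/Organization/2", func(t *testing.T) {
		reply, err := client.Allowed(t.Context(), &AllowRequest{
			Subject:    "gid://example/User/2",
			Permission: "read",
			Resource:   "gid://example/Organization/2",
		})
		require.NoError(t, err)
		assert.False(t, reply.Result)
	})
```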
@@ -322,7 +322,7 @@ func TestAuthx(t *testing.T) {
 claims := x.Must(serde.FromJSON[map[string]interface{}](response.Body))
 assert.Equal(t, true, claims["active"])
- assert.Equal(t, "gid://example/Authn::User/1", claims["sub"])
+ assert.Equal(t, "gid://example/User/1", claims["sub"])
 })
 })
 }) |
