Diffstat (limited to 'app/services/ability.go')
| -rw-r--r-- | app/services/ability.go | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/app/services/ability.go b/app/services/ability.go
new file mode 100644
index 00000000..871a9a9b
--- /dev/null
+++ b/app/services/ability.go
@@ -0,0 +1,27 @@
+package services
+
+import (
+ context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/rpc"
+)
+
+type AbilityService struct {
+}
+
+func NewAbilityService() *AbilityService {
+ return &AbilityService{}
+}
+
+func (h *AbilityService) Allowed(ctx context.Context, req *rpc.AllowRequest) (*rpc.AllowReply, error) {
+ ok := policies.Allowed(cedar.Request{
+ Principal: gid.NewEntityUID(req.Subject),
+ Action: cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
+ Resource: gid.NewEntityUID(req.Resource),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &rpc.AllowReply{Result: ok}, nil
+} |
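Review bot: `Allowed` forwards `req.Subject`, `req.Permission` and `req.Resource` into the Cedar request without validation and always returns a nil error, so an empty or malformed identifier is evaluated as whatever entity UID `gid.NewEntityUID` yields (its handling of bad input is not visible in this diff) instead of being rejected, and a nil `req` would panic on the first field access. For an authorization decision point it is safer to fail closed before evaluation, e.g. `if req == nil || req.Subject == "" || req.Permission == "" || req.Resource == "" { return &rpc.AllowReply{Result: false}, nil }`, assuming these fields are strings. The decision is also never logged and `ctx` is unused, so there is no audit trail for allow/deny outcomes and no cancellation. A doc comment such as `// Allowed reports whether req.Subject holds req.Permission on req.Resource; the Cedar context record is always empty.` would make the empty `Context` explicit to policy authors who might otherwise write context-dependent conditions.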
