Diffstat (limited to 'app/services')
-rw-r--r--app/services/ability.go27
1 files changed, 27 insertions, 0 deletions
diff --git a/app/services/ability.go b/app/services/ability.go
new file mode 100644
index 00000000..871a9a9b
--- /dev/null
+++ b/app/services/ability.go
@@ -0,0 +1,27 @@
+package services
+
+import (
+ context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/rpc"
+)
+
+type AbilityService struct {
+}
+
+func NewAbilityService() *AbilityService {
+ return &AbilityService{}
+}
+
+func (h *AbilityService) Allowed(ctx context.Context, req *rpc.AllowRequest) (*rpc.AllowReply, error) {
+ ok := policies.Allowed(cedar.Request{
+ Principal: gid.NewEntityUID(req.Subject),
+ Action: cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
+ Resource: gid.NewEntityUID(req.Resource),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &rpc.AllowReply{Result: ok}, nil
+}
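Review bot: Allowed passes req.Subject, req.Permission and req.Resource straight into the Cedar request and always returns a nil error, so a missing or malformed identifier cannot be told apart from an ordinary policy denial. Whether gid.NewEntityUID or policies.Allowed reject bad input is not visible in this hunk; if they do not, validate before evaluating, e.g. `if req.Subject == "" || req.Permission == "" || req.Resource == "" { return nil, errors.New("subject, permission and resource are required") }`, using the RPC framework's invalid-argument error if it has one. Whatever the handling, it should stay fail-closed, so that an unparsable entity or an evaluation error never ends up as `Result: true`. The decision is also returned without any log entry, and ctx is unused; an audit record of principal, action, resource and result would make authorization decisions traceable. The exported AbilityService, NewAbilityService and Allowed have no doc comments; a line such as `// Allowed reports whether the subject holds the permission on the resource under the loaded Cedar policies.` would state the contract.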