Diffstat (limited to 'src/authorization/entities.rs')
| -rw-r--r-- | src/authorization/entities.rs | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/authorization/entities.rs b/src/authorization/entities.rs
index c2e56bd7..a26cace2 100644
--- a/src/authorization/entities.rs
+++ b/src/authorization/entities.rs
@@ -3,6 +3,10 @@ use serde::Serialize;
 use std::collections::HashSet;
 // Cedar entity structures
+// Note: We define custom types instead of using cedar_policy::Entity directly because:
+// 1. Cedar's Entity type is for runtime use, not JSON serialization
+// 2. These types ensure our JSON output matches Cedar's expected format exactly
+// 3. The #[serde(rename)] attributes handle Cedar's specific field naming requirements
 #[derive(Debug, Serialize)]
 pub struct CedarEntity {
 pub uid: CedarUid,
@@ -62,9 +66,7 @@ impl EntitiesRepository {
 },
 });
- let members = self.api.get_project_members(project.id).await?;
-
- for member in members {
+ for member in self.api.get_project_members(project.id).await? {
 if member.state == "active" {
 entities.push(CedarEntity {
 uid: CedarUid {
@@ -89,6 +91,13 @@ impl EntitiesRepository {
 Ok(entities)
 }
+ /// Validates that the entities can be parsed by Cedar
+ pub fn is_valid(entities: &[CedarEntity]) -> Result<(), Box<dyn std::error::Error>> {
+ let json = serde_json::to_string(entities)?;
+ cedar_policy::Entities::from_json_str(&json, None)?;
+ Ok(())
+ }
+
 fn fetch_hierarchy<'a>(
 &'a self,
 group_id: u64, |
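Review bot: The new `is_valid` in the third hunk passes `None` as the schema argument to `cedar_policy::Entities::from_json_str`, so it only confirms that the serialized entities parse as Cedar entity JSON. Entity types, attributes and parent relationships are not checked against the policy schema, and a set that passes here can still be one the authorization policies do not expect. If a schema is available to the caller, take it as a parameter and pass it through. Otherwise narrow the doc comment to `/// Checks only that the entities parse as Cedar entity JSON; no schema is applied.` The name also reads as a boolean predicate while the function returns `Result<(), Box<dyn std::error::Error>>`, so `validate` would fit better. No caller is visible in this diff, so confirm that the code emitting the entities calls it and stops on `Err` rather than logging and continuing.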
