From 56276ca9000d0ada5c6412fcb6437024ae6358d7 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Mon, 14 Jul 2025 15:16:46 -0600
Subject: feat: allow access to sparkle in development

---
 etc/authzd/policy1.cedar                     | 11 +++++++++++
 tests/authorization/cedar_authorizer_test.rs | 18 ++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/etc/authzd/policy1.cedar b/etc/authzd/policy1.cedar
index 15776ab7..6fe51b16 100644
--- a/etc/authzd/policy1.cedar
+++ b/etc/authzd/policy1.cedar
@@ -28,3 +28,14 @@ when
   context.host == "sparkle.staging.runway.gitlab.net" &&
   principal has username
 };
+
+permit (
+  principal == User::"1",
+  action == Action::"GET",
+  resource == Resource::"/dashboard"
+)
+when
+{
+  context has host &&
+  context.host == "localhost:10000"
+};
diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 7a99a7d9..58563832 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -128,4 +128,22 @@ mod tests {
         let authorizer = subject();
         assert_eq!(authorizer.authorize(request), true);
     }
+
+    #[test]
+    fn test_sparkle_dashboard() {
+        let request = build_request(|item: &mut HttpRequest| {
+            item.method = "GET".to_string();
+            item.path = "/dashboard".to_string();
+            item.host = "localhost:10000".to_string();
+            item.headers = build_headers(vec![
+                (String::from("x-jwt-claim-sub"), "1".to_string()),
+                (String::from(":path"), item.path.to_string()),
+                (String::from(":method"), item.method.to_string()),
+                (String::from(":authority"), item.host.to_string()),
+            ]);
+        });
+
+        let authorizer = subject();
+        assert_eq!(authorizer.authorize(request), true);
+    }
 }
-- 
cgit v1.2.3