From 3f54e2fc59f21029813863491b37e39bb6015115 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 2 Apr 2025 11:23:47 -0600
Subject: refactor: move policies and entities in policies package
---
 pkg/rpc/ability_handler.go | 26 --------------------------
 pkg/rpc/ability_service.go | 26 ++++++++++++++++++++++++++
 pkg/rpc/server_test.go | 12 +++++++++++-
 3 files changed, 37 insertions(+), 27 deletions(-)
 delete mode 100644 pkg/rpc/ability_handler.go
 create mode 100644 pkg/rpc/ability_service.go
(limited to 'pkg/rpc')
diff --git a/pkg/rpc/ability_handler.go b/pkg/rpc/ability_handler.go
deleted file mode 100644
index bf299da9..00000000
--- a/pkg/rpc/ability_handler.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package rpc
-
-import (
- context "context"
-
- "github.com/cedar-policy/cedar-go"
- "gitlab.com/mokhax/spike/pkg/policies"
-)
-
-type AbilityService struct {
- UnimplementedAbilityServer
-}
-
-func NewAbilityService() *AbilityService {
- return &AbilityService{}
-}
-
-func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
- ok := policies.Allowed(cedar.Request{
- Principal: cedar.NewEntityUID("User", cedar.String(req.Subject)),
- Action: cedar.NewEntityUID("Action", cedar.String(req.Permission)),
- Resource: cedar.NewEntityUID("Album", cedar.String(req.Resource)),
- Context: cedar.NewRecord(cedar.RecordMap{}),
- })
- return &AllowReply{Result: ok}, nil
-}
diff --git a/pkg/rpc/ability_service.go b/pkg/rpc/ability_service.go
new file mode 100644
index 00000000..bf299da9
--- /dev/null
+++ b/pkg/rpc/ability_service.go
@@ -0,0 +1,26 @@
+package rpc
+
+import (
+ context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/mokhax/spike/pkg/policies"
+)
+
+type AbilityService struct {
+ UnimplementedAbilityServer
+}
+
+func NewAbilityService() *AbilityService {
+ return &AbilityService{}
+}
+
+func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
+ ok := policies.Allowed(cedar.Request{
+ Principal: cedar.NewEntityUID("User", cedar.String(req.Subject)),
+ Action: cedar.NewEntityUID("Action", cedar.String(req.Permission)),
+ Resource: cedar.NewEntityUID("Album", cedar.String(req.Resource)),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &AllowReply{Result: ok}, nil
+}
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index 266f1434..8f333a5b 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -41,7 +41,7 @@ func TestServer(t *testing.T) {
 assert.False(t, reply.Result)
 })
 
- t.Run("returns true", func(t *testing.T) {
+ t.Run("returns true for alice:view:jane_vacation", func(t *testing.T) {
 reply, err := client.Allowed(t.Context(), &AllowRequest{
 Subject: "alice",
 Permission: "view",
@@ -50,4 +50,14 @@ func TestServer(t *testing.T) {
 require.NoError(t, err)
 assert.True(t, reply.Result)
 })
+
+ t.Run("returns gid://User/1:read_projects:gid://Organization/1", func(t *testing.T) {
+ reply, err := client.Allowed(t.Context(), &AllowRequest{
+ Subject: "gid://User/1",
+ Permission: "read_projects",
+ Resource: "gid://Organization/1",
+ })
+ require.NoError(t, err)
+ assert.True(t, reply.Result)
+ })
 }
--
cgit v1.2.3
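Review bot: The new subtest at the end of this hunk asserts an allow for Resource `gid://Organization/1`, but `AbilityService.Allowed` as added in this commit's `ability_service.go` wraps every resource as `cedar.NewEntityUID("Album", ...)`, so the decision under test is for `Album::"gid://Organization/1"` rather than the Organization-typed entity the subtest name suggests. If the policy set is meant to key on an Organization entity, the entity type should come from the caller or be derived from the identifier instead of being hardcoded at the `Resource:` line, and the same question applies to the fixed `"User"` and `"Action"` types. The hunk also exercises only the allow side for this resource; without a matching deny case the test cannot tell a correctly scoped policy from a permit-all, so a sibling subtest with a subject the policy does not grant, expecting `assert.False`, would pin the intended scope (sketched below). TestServer's body starts outside the hunk.
```go
	// … unchanged: allow subtest for gid://User/1 …

	t.Run("returns false for a subject without read_projects on gid://Organization/1", func(t *testing.T) {
		reply, err := client.Allowed(t.Context(), &AllowRequest{
			Subject:    "gid://User/2", // constructed sample: a subject the policy set does not grant
			Permission: "read_projects",
			Resource:   "gid://Organization/1",
		})
		require.NoError(t, err)
		assert.False(t, reply.Result)
	})
```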