From f160106ceaaeb4bca1f9bc3976d875429430dd44 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 9 Jul 2025 11:52:48 -0600
Subject: test: define the types of scenarios that I want to cover using the
 x-jwt-claim-sub

---
 tests/authorization/cedar_authorizer_test.rs | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

(limited to 'tests/authorization')

diff --git a/tests/authorization/cedar_authorizer_test.rs b/tests/authorization/cedar_authorizer_test.rs
index 47dde0c8..0090f1a5 100644
--- a/tests/authorization/cedar_authorizer_test.rs
+++ b/tests/authorization/cedar_authorizer_test.rs
@@ -6,7 +6,11 @@ mod tests {
     use std::collections::HashMap;
 
     fn subject() -> authzd::CedarAuthorizer {
-        build_cedar_authorizer(cedar_policy::Entities::empty())
+        subject_with(cedar_policy::Entities::empty())
+    }
+
+    fn subject_with(entities: cedar_policy::Entities) -> authzd::CedarAuthorizer {
+        build_cedar_authorizer(entities)
     }
 
     #[test]
@@ -129,7 +133,26 @@ mod tests {
             item.method = "GET".to_string();
             item.path = "/dashboard".to_string();
             item.host = "sparkle.staging.runway.gitlab.net".to_string();
+            item.headers = build_headers(vec![
+                (String::from(":path"), item.path.to_string()),
+                (String::from(":method"), item.method.to_string()),
+                (String::from(":authority"), item.host.to_string()),
+                (
+                    String::from("x-jwt-claim-sub"),
+                    "gid://gitlab/User/1".to_string(),
+                ),
+            ]);
         });
-        assert!(subject().authorize(request));
+        let entities = cedar_policy::Entities::empty();
+        // TODO:: Add entities to represent access to:
+        // * list of sparkles: `:read, gid://sparkle/Sparkle/*`
+        // * single sparkle: `:read, gid://sparkle/Sparkle/:id`
+        // * create sparkle: `:create, gid://sparkle/Sparkle/*`
+        // * update sparkles: `:update, gid://sparkle/Sparkle/*`
+        // * update single sparkle: `:update, gid://sparkle/Sparkle/:id`
+        // * delete sparkles: `:delete, gid://sparkle/Sparkle/*`
+        // * delete single sparkle: `:delete, gid://sparkle/Sparkle/:id`
+        let authorizer = subject_with(entities);
+        assert!(authorizer.authorize(request));
     }
 }
-- 
cgit v1.2.3