#!/usr/bin/env ruby
require "bundler/inline"
# Inline Gemfile: bundler resolves and, if needed, installs these gems at
# startup. NOTE(review): bundler/inline keeps no lockfile, so the exact gem
# versions within each "~> 1.0" range can drift between runs — pin tighter
# if reproducible builds matter.
gemfile do
  source "https://rubygems.org"

  {
    "declarative_policy" => "~> 1.0",
    "grpc" => "~> 1.0",
    "grpc-tools" => "~> 1.0",
    "logger" => "~> 1.0"
  }.each { |name, constraint| gem name, constraint }
end
# Make <project root>/lib loadable so the generated gRPC stubs can be required.
# The path is resolved relative to this script (two levels up from the file
# itself) and canonicalised with realpath, which raises if lib/ does not exist.
# NOTE(review): Pathname is used without an explicit `require "pathname"`;
# presumably bundler/inline has already loaded it — confirm.
project_lib = Pathname.new(__FILE__).parent.parent.join("lib")
lib_path = project_lib.realpath.to_path
$LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
require 'ability_services_pb'
# Declarative policy for a project subject: the only rule is that the
# project's owner may create a project. The `owner` condition asks the
# subject (`@subject.owner?(@user)`), so authorization decisions are only as
# trustworthy as the subject object handed to DeclarativePolicy.policy_for.
class ProjectPolicy < DeclarativePolicy::Base
  condition(:owner) { @subject.owner?(@user) }

  rule { owner }.policy do
    enable :create_project
  end
end
# gRPC service implementation for the generated Ability::Service.
#
# NOTE(review): `allowed` is a stub that answers `result: true` for every
# request — the service is currently fail-open and grants every permission it
# is asked about. The commented-out line shows the intended wiring into
# DeclarativePolicy; until that is done nothing should rely on this service
# for access control.
class AbilityHandler < ::Ability::Service
  # Handles the Allowed RPC.
  #
  # @param request the incoming request (expected to expose `subject`,
  #   `resource` and `permission` — see policy_for and the TODO below)
  # @param _call the gRPC call context; only logged here
  # @return [AllowReply] always `result: true` for now (see class comment)
  def allowed(request, _call)
    # The full request and call context are written to stdout and to the
    # gRPC logger. NOTE(review): `inspect` dumps the whole message, which may
    # include subject identifiers — review before running outside development.
    dumped = [request, _call].inspect
    $stdout.puts(dumped)
    GRPC.logger.info(dumped)

    AllowReply.new(result: true)
    # TODO:: entrypoint to declarative policies
    # AllowReply.new(result: policy_for(request).can?(request.permission))
  end

  private

  # Looks up the DeclarativePolicy for the request's subject/resource pair.
  # Not yet called from `allowed`.
  #
  # @param request the incoming request; `subject` and `resource` are passed
  #   through unchanged
  # @return the policy object chosen by DeclarativePolicy.policy_for
  def policy_for(request)
    # TODO:: convert subject in form of GlobalID to Resource Type
    DeclarativePolicy.policy_for(request.subject, request.resource)
  end
end
# Listen address comes from HOST/PORT; the default is loopback, so the
# plaintext listener below is only reachable from this machine unless HOST is
# set explicitly.
bind_addr = format("%s:%s", ENV.fetch("HOST", "localhost"), ENV.fetch("PORT", "50051"))

# NOTE(review): :this_port_is_insecure is plaintext HTTP/2 — no TLS and no
# client authentication, so any peer that can reach bind_addr can query (and
# today, thanks to the fail-open stub, be granted by) this authorization
# service. Acceptable for local development; a deployed instance should pass
# GRPC::Core::ServerCredentials instead and bind beyond loopback deliberately.
server = GRPC::RpcServer.new.tap do |srv|
  srv.add_http2_port(bind_addr, :this_port_is_insecure)
end

# Debug-level logging to stderr; the handler logs every request it sees.
GRPC.logger = Logger.new($stderr, level: :debug)
GRPC.logger.info("... running insecurely on #{bind_addr}")

server.handle(AbilityHandler.new)
# Blocks until the process receives signal 1 (SIGHUP), SIGINT or SIGQUIT.
server.run_till_terminated_or_interrupted([1, 'int', 'SIGQUIT'])