package rpc
import (
context "context"
"github.com/cedar-policy/cedar-go"
"gitlab.com/mokhax/spike/pkg/gid"
"gitlab.com/mokhax/spike/pkg/policies"
)
// AbilityService is the RPC handler that answers permission checks.
// It embeds UnimplementedAbilityServer and declares no fields of its own.
type AbilityService struct {
	UnimplementedAbilityServer
}
// NewAbilityService returns a pointer to a zero-value AbilityService.
func NewAbilityService() *AbilityService {
	return new(AbilityService)
}
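// Allowed answers an authorization query by evaluating the request's
// subject, permission and resource against policies.Allowed.
//
// The Cedar request is built with an empty context record, so only the
// principal, action and resource are supplied to policy evaluation here.
// ctx is accepted to satisfy the RPC signature and is not used. The returned
// error is always nil: the decision is carried solely in AllowReply.Result.
//
// NOTE(review): req.Subject and req.Resource are handed to gid.NewEntityUID
// exactly as received. How empty or malformed identifiers are treated is not
// visible from this file; confirm they cannot resolve to an entity that a
// policy permits.
func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
	// Fail closed: a nil request carries nothing to authorize, so deny
	// instead of dereferencing it and panicking inside the handler.
	if req == nil {
		return &AllowReply{Result: false}, nil
	}

	ok := policies.Allowed(cedar.Request{
		Principal: gid.NewEntityUID(req.Subject),
		Action:    cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
		Resource:  gid.NewEntityUID(req.Resource),
		Context:   cedar.NewRecord(cedar.RecordMap{}),
	})
	return &AllowReply{Result: ok}, nil
}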