path: root/pkg/rpc/ability_service.go
package rpc

import (
	context "context"

	"github.com/cedar-policy/cedar-go"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/gid"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/authz.d/pkg/policies"
)

// AbilityService is the RPC handler type that answers authorization
// ("is this allowed?") queries. It declares no fields, so it carries no
// per-instance state.
type AbilityService struct{}

// NewAbilityService returns a pointer to a freshly allocated, zero-valued
// AbilityService.
func NewAbilityService() *AbilityService {
	return new(AbilityService)
}

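// Allowed answers a single authorization query by turning req into a Cedar
// request and handing it to policies.Allowed.
//
// The Cedar request is built as follows:
//   - Principal: gid.NewEntityUID(req.Subject)
//   - Action:    an entity of type "Permission" whose ID is req.Permission
//   - Resource:  gid.NewEntityUID(req.Resource)
//   - Context:   an empty record
//
// The returned error is always nil; the decision is carried in
// AllowReply.Result. A nil req is answered with a deny (Result == false)
// rather than dereferenced, so a malformed call fails closed instead of
// panicking inside the authorization path.
//
// NOTE(review): ctx is not consulted here, so cancellation, deadlines and any
// caller identity attached to it play no part in the decision — confirm that
// callers are authenticated and restricted at the transport layer.
// NOTE(review): Subject, Permission and Resource are forwarded without any
// validation in this method; how gid.NewEntityUID treats empty or malformed
// identifiers is not visible from here — verify it cannot yield an entity
// that a policy matches unintentionally.
func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
	// Fail closed: with no request there is nothing to authorize.
	if req == nil {
		return &AllowReply{Result: false}, nil
	}

	// The context record is intentionally left empty, matching the original
	// behaviour; policies that condition on context attributes will see none.
	ok := policies.Allowed(cedar.Request{
		Principal: gid.NewEntityUID(req.Subject),
		Action:    cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
		Resource:  gid.NewEntityUID(req.Resource),
		Context:   cedar.NewRecord(cedar.RecordMap{}),
	})
	return &AllowReply{Result: ok}, nil
}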