| author | mo khan <mo@mokhan.ca> | 2025-07-23 11:50:42 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-23 11:50:42 -0600 |
| commit | 944ef4ca499fe27a57d4cd3c21bccb99508526ca (patch) | |
| tree | 3c929141ee07fc2a4f2c2b825630cb2ad3121b44 /app/middleware/require_permission.go | |
| parent | 8a1b03afb949a5a3be6a78e9b2c88d2e48643f46 (diff) | |
refactor: Update RequirePermission middleware to connect to spicedb CheckPermission API
Diffstat (limited to 'app/middleware/require_permission.go')
| -rw-r--r-- | app/middleware/require_permission.go | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/app/middleware/require_permission.go b/app/middleware/require_permission.go
index 563278e..a10a9b6 100644
--- a/app/middleware/require_permission.go
+++ b/app/middleware/require_permission.go
@@ -3,27 +3,26 @@ package middleware
 import (
 "net/http"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd.git/pkg/rpc"
+ v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/authz"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 )
-func RequirePermission(permission Permission, ability rpc.Ability) func(http.Handler) http.Handler {
+func RequirePermission(permission Permission, client authz.CheckPermission) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 user := cfg.CurrentUser.From(r.Context())
- reply, err := ability.Allowed(r.Context(),
- permission.RequestFor(user, &domain.Sparkle{ID: "*"}),
- )
+ reply, err := client.CheckPermission(r.Context(), permission.RequestFor(user, &domain.Sparkle{ID: "*"}))
 if err != nil {
 pls.LogError(r.Context(), err)
 w.WriteHeader(http.StatusForbidden)
 return
 }
- if reply.Permissionship == v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION {
+ if reply.Permissionship == v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION {
 next.ServeHTTP(w, r)
 } else {
 w.WriteHeader(http.StatusForbidden) |
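Review bot: The new grant check reads `reply.Permissionship` directly, so an `authz.CheckPermission` implementation or test double that returns `nil, nil` would panic in the handler instead of denying. Assuming `reply` is the generated `*v1.CheckPermissionResponse`, the nil-safe getter keeps that case fail-closed: `if reply.GetPermissionship() == v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION {`. Granting only on HAS_PERMISSION is the right shape, and a comment such as `// fail closed: only HAS_PERMISSION grants; conditional or unspecified results are denied` would stop a later edit from loosening it to a `!= NO_PERMISSION` test. The request is built by `permission.RequestFor`, which is outside this hunk, so it is worth confirming that it sets a consistency level, since a check left at the service default may be answered from slightly stale data after a revocation. The handler body continues past the end of the hunk.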
