authormo khan <mo@mokhan.ca>2025-07-23 12:40:12 -0600
committermo khan <mo@mokhan.ca>2025-07-23 12:40:12 -0600
commitd2ebd0a9afed57ba11f053266e6ae1edb84a0f36 (patch)
treeeb547006085f2549f2cea5773c1ec75dba47bfd0 /app/middleware
parent9674cfaedfdb8d583cfe75e1c1738a1c1d66c7f9 (diff)
feat: authorize requests to create sparkles
Diffstat (limited to 'app/middleware')
-rw-r--r--app/middleware/permission.go26
-rw-r--r--app/middleware/require_permission.go2
-rw-r--r--app/middleware/require_permission_test.go2
3 files changed, 2 insertions, 28 deletions
diff --git a/app/middleware/permission.go b/app/middleware/permission.go
deleted file mode 100644
index 36a7ea0..0000000
--- a/app/middleware/permission.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package middleware
-
-import (
- v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
-)
-
-type Permission string
-
-func (p Permission) ToGID() string {
- return "gid://sparkle/Permission/" + p.String()
-}
-
-func (p Permission) RequestFor(user domain.Identifiable, resource domain.Identifiable) *v1.CheckPermissionRequest {
- return &v1.CheckPermissionRequest{
- Subject: &v1.SubjectReference{
- Object: user.ToObjectReference(),
- },
- Permission: p.String(),
- Resource: resource.ToObjectReference(),
- }
-}
-
-func (p Permission) String() string {
- return string(p)
-}
diff --git a/app/middleware/require_permission.go b/app/middleware/require_permission.go
index cfcae0c..441b334 100644
--- a/app/middleware/require_permission.go
+++ b/app/middleware/require_permission.go
@@ -10,7 +10,7 @@ import (
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
)
-func RequirePermission(permission Permission, client authz.PermissionService) func(http.Handler) http.Handler {
+func RequirePermission(permission domain.Permission, client authz.CheckPermissionService) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
user := cfg.CurrentUser.From(r.Context())
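Review bot: The exported `RequirePermission` has no doc comment: the context line directly above the new signature is the closing `)` of the import block. Since this middleware is the authorization gate for the handlers it wraps, its contract should be stated where callers see it. I would add something like `// RequirePermission returns middleware that calls next only when client confirms that the current user from the request context holds permission.` The comment should also say how the request is answered when the context carries no current user and when the permission check returns an error. The function body continues past the end of this hunk, so that wording needs to be confirmed against the actual denial and error paths.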
diff --git a/app/middleware/require_permission_test.go b/app/middleware/require_permission_test.go
index b11a33c..2023345 100644
--- a/app/middleware/require_permission_test.go
+++ b/app/middleware/require_permission_test.go
@@ -14,7 +14,7 @@ import (
func TestRequirePermission(t *testing.T) {
user := &domain.User{ID: domain.ID("1")}
ctx := cfg.CurrentUser.With(t.Context(), user)
- permission := Permission("read")
+ permission := domain.Permission("read")
t.Run("when the permission is granted", func(t *testing.T) {
r, w := test.RequestResponse("GET", "/sparkles", test.WithContext(ctx))