diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-23 12:21:24 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-23 12:21:24 -0600 |
| commit | 9674cfaedfdb8d583cfe75e1c1738a1c1d66c7f9 (patch) | |
| tree | 4ecede06bdc4e3e689ff4e3f952db603038f7790 /internal/stub | |
| parent | 944ef4ca499fe27a57d4cd3c21bccb99508526ca (diff) | |
refactor: inject permission service into sparkle controller
Diffstat (limited to 'internal/stub')
| -rw-r--r-- | internal/stub/check.go | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/internal/stub/check.go b/internal/stub/check.go new file mode 100644 index 0000000..ec257e3 --- /dev/null +++ b/internal/stub/check.go @@ -0,0 +1,53 @@ +package stub + +import ( + "context" + "strings" + "testing" + + v1 "github.com/authzed/authzed-go/proto/authzed/api/v1" + "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/authz" + "google.golang.org/grpc" +) + +type Check func(context.Context, *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) + +func (m Check) CheckPermission(ctx context.Context, r *v1.CheckPermissionRequest, opts ...grpc.CallOption) (*v1.CheckPermissionResponse, error) { + return m(ctx, r) +} + +func AllowWith(t *testing.T, subject string, permission string, resource string) authz.PermissionService { + user := strings.SplitN(subject, ":", 2) + model := strings.SplitN(resource, ":", 2) + + return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) { + require.Equal(t, user[0], r.Subject.Object.ObjectType) + require.Equal(t, user[1], r.Subject.Object.ObjectId) + + require.Equal(t, permission, r.Permission) + + require.Equal(t, model[0], r.Resource.ObjectType) + require.Equal(t, model[1], r.Resource.ObjectId) + + return &v1.CheckPermissionResponse{ + Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, + }, nil + }) +} + +func Allow() authz.PermissionService { + return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) { + return &v1.CheckPermissionResponse{ + Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, + }, nil + }) +} + +func Deny() authz.PermissionService { + return Check(func(ctx context.Context, r *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) { + return &v1.CheckPermissionResponse{ + Permissionship: v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION, + }, nil + }) +} |