authormo khan <mo@mokhan.ca>2025-04-02 09:45:37 -0600
committermo khan <mo@mokhan.ca>2025-04-02 09:45:37 -0600
commitc75ceda92ce98c654747457c4fdfd32766487653 (patch)
tree7af774e87806f9522930a51d1d08ef67b9ece602 /pkg/rpc/ability_handler.go
parentc851e7d0ff5cbc33dfec8df068529aeb2c70ebfc (diff)
feat: embed cedar policies in policies package
Diffstat (limited to 'pkg/rpc/ability_handler.go')
-rw-r--r--pkg/rpc/ability_handler.go17
1 files changed, 14 insertions, 3 deletions
diff --git a/pkg/rpc/ability_handler.go b/pkg/rpc/ability_handler.go
index b36ce14..973e1db 100644
--- a/pkg/rpc/ability_handler.go
+++ b/pkg/rpc/ability_handler.go
@@ -2,14 +2,25 @@ package rpc
import (
context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/mokhax/spike/pkg/policies"
)
type AbilityHandler struct {
UnimplementedAbilityServer
}
+func NewAbilityHandler() *AbilityHandler {
+ return &AbilityHandler{}
+}
+
func (h *AbilityHandler) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
- return &AllowReply{
- Result: false,
- }, nil
+ ok := policies.Allowed(cedar.Request{
+ Principal: cedar.NewEntityUID("User", cedar.String(req.Subject)),
+ Action: cedar.NewEntityUID("Action", cedar.String(req.Permission)),
+ Resource: cedar.NewEntityUID("Album", cedar.String(req.Resource)),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &AllowReply{Result: ok}, nil
}
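Review bot: `Allowed` passes `req.Subject`, `req.Permission` and `req.Resource` into the Cedar request unvalidated, so an empty field is evaluated as an entity with an empty ID rather than rejected; a guard before the `policies.Allowed` call such as `if req.Subject == "" || req.Permission == "" || req.Resource == "" { return &AllowReply{Result: false}, nil }` keeps that case an explicit deny. The resource type is hard-coded to `"Album"`, so every resource is evaluated as an album whatever the caller meant; if other resource types are planned, the type should come from the request or be parsed out of `req.Resource`. The principal is whatever the caller puts in `req.Subject` and `ctx` is not consulted, which is reasonable for a decision endpoint reached only by trusted services but should be stated on the method, e.g. `// Allowed evaluates the embedded Cedar policies for a caller-supplied subject; callers must authenticate the subject themselves.` Because `policies.Allowed` yields only a bool here, a policy evaluation error and an ordinary deny look the same to the caller and no decision is logged at this layer; presumably that is handled inside `policies`, which this diff does not show.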