Diffstat (limited to 'lib/authx')
-rw-r--r--lib/authx/rpc/ability_handler.rb34
1 files changed, 29 insertions, 5 deletions
diff --git a/lib/authx/rpc/ability_handler.rb b/lib/authx/rpc/ability_handler.rb
index 9f9b8fe..5f977e6 100644
--- a/lib/authx/rpc/ability_handler.rb
+++ b/lib/authx/rpc/ability_handler.rb
@@ -1,10 +1,19 @@
# frozen_string_literal: true
+class Organization
+ class << self
+ def find(id)
+ new
+ end
+ end
+end
+
module Authx
module Rpc
+
class AbilityHandler
def allowed(request, env)
- puts [request, env].inspect
+ puts [request, env, can?(request)].inspect
{
result: can?(request)
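Review bot: The added `puts [request, env, can?(request)].inspect` in `allowed` dumps the whole request to stdout, and since the second hunk treats `request.subject` as a JWT, the bearer token presumably ends up in the process logs. The same line also evaluates `can?(request)` a second time on every call. Compute the decision once with `result = can?(request)`, log only non-secret fields such as `puts [request.permission, request.resource, result].inspect`, and reuse `result` in the returned hash. The top-level `Organization` stub, whose `find(id)` ignores the id and returns `new`, looks like a test double; if it stays under lib/, every organization id resolves to a blank object that the policy is then evaluated against, so it belongs in spec support or should be replaced by the real model. The body of `allowed` continues past the end of this hunk.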
@@ -14,12 +23,27 @@ module Authx
private
def can?(request)
- policy_for(request).can?(request.permission)
+ subject = subject_of(request.subject)
+ resource = resource_from(request.resource)
+ policy = DeclarativePolicy.policy_for(subject, resource)
+ policy.can?(request.permission.to_sym)
+ end
+
+ def subject_of(token)
+ _header, claims, _signature = from_jwt(token)
+ claims[:sub]
+ end
+
+ def resource_from(global_id)
+ # TODO:: Parse global id and convert to class
+ GlobalID::Locator.locate(global_id)
end
- def policy_for(request)
- # TODO:: convert subject in form of GlobalID to Resource Type
- DeclarativePolicy.policy_for(request.subject, request.resource)
+ # TODO:: validate signature
+ def from_jwt(token)
+ token
+ .split('.', 3)
+ .map { |x| JSON.parse(Base64.strict_decode64(x), symbolize_names: true) }
end
end
end
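Review bot: `can?` now authorizes against `claims[:sub]` read from a token whose signature is never checked (the `# TODO:: validate signature` above `from_jwt`), so the subject is whatever the caller wrote into the payload. Until verification against a trusted key with a pinned algorithm exists, `can?` should fail closed instead of evaluating the policy. `from_jwt` also runs `JSON.parse(Base64.strict_decode64(x), ...)` over all three segments, but JWT segments are unpadded base64url and the third is a raw signature rather than JSON, so a well-formed token will most likely raise here. Decode only the header and claims with `Base64.urlsafe_decode64`, keep the signature bytes for the verifier, and make sure a decode error results in a denial. `resource_from` hands a caller-supplied id straight to `GlobalID::Locator.locate`; restricting it with the `only:` option to the model classes this handler is meant to authorize would stop arbitrary records from being loaded.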