Diffstat (limited to 'pkg/rpc')
-rw-r--r--pkg/rpc/ability_service.go7
-rw-r--r--pkg/rpc/server_test.go10
2 files changed, 9 insertions, 8 deletions
diff --git a/pkg/rpc/ability_service.go b/pkg/rpc/ability_service.go
index bf299da..18327d5 100644
--- a/pkg/rpc/ability_service.go
+++ b/pkg/rpc/ability_service.go
@@ -4,6 +4,7 @@ import (
context "context"
"github.com/cedar-policy/cedar-go"
+ "gitlab.com/mokhax/spike/pkg/gid"
"gitlab.com/mokhax/spike/pkg/policies"
)
@@ -17,9 +18,9 @@ func NewAbilityService() *AbilityService {
func (h *AbilityService) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
ok := policies.Allowed(cedar.Request{
- Principal: cedar.NewEntityUID("User", cedar.String(req.Subject)),
- Action: cedar.NewEntityUID("Action", cedar.String(req.Permission)),
- Resource: cedar.NewEntityUID("Album", cedar.String(req.Resource)),
+ Principal: gid.NewEntityUID(req.Subject),
+ Action: cedar.NewEntityUID("Permission", cedar.String(req.Permission)),
+ Resource: gid.NewEntityUID(req.Resource),
Context: cedar.NewRecord(cedar.RecordMap{}),
})
return &AllowReply{Result: ok}, nil
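Review bot: The entity type of the principal and resource in `Allowed` now comes from the caller-supplied `req.Subject` and `req.Resource` rather than being pinned to `User` and `Album` by the server. Because `gid.NewEntityUID` is used as a single-value expression, this handler has no way to reject a malformed or unexpected identifier. It also still returns a `nil` error in every case, so a bad request looks the same as a policy denial. If only users are meant to act as principals, I would check that before building the request, e.g. `if !strings.HasPrefix(req.Subject, "gid://User/") { return nil, errors.New("subject must be a gid://User/ identifier") }`, and log rejected identifiers so requests naming other entity types are visible. The `gid` package is not shown here, so confirm what it yields for the empty strings used in the `forbids` test; the function's closing brace lies outside the hunk.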
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index 0871173..66a177d 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -31,7 +31,7 @@ func TestServer(t *testing.T) {
defer connection.Close()
client := NewAbilityClient(connection)
- t.Run("returns false", func(t *testing.T) {
+ t.Run("forbids", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
Subject: "",
Permission: "",
@@ -41,17 +41,17 @@ func TestServer(t *testing.T) {
assert.False(t, reply.Result)
})
- t.Run("returns true for alice:view:jane_vacation", func(t *testing.T) {
+ t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "alice",
+ Subject: "gid://User/alice",
Permission: "view",
- Resource: "jane_vacation",
+ Resource: "gid://Album/jane_vacation",
})
require.NoError(t, err)
assert.True(t, reply.Result)
})
- t.Run("returns gid://User/1:read:gid://Organization/2", func(t *testing.T) {
+ t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
Subject: "gid://User/1",
Permission: "read",