Diffstat (limited to 'pkg/rpc')
-rw-r--r--pkg/rpc/ability_handler.go17
-rw-r--r--pkg/rpc/server.go2
-rw-r--r--pkg/rpc/server_test.go12
3 files changed, 26 insertions, 5 deletions
diff --git a/pkg/rpc/ability_handler.go b/pkg/rpc/ability_handler.go
index b36ce14..973e1db 100644
--- a/pkg/rpc/ability_handler.go
+++ b/pkg/rpc/ability_handler.go
@@ -2,14 +2,25 @@ package rpc
import (
context "context"
+
+ "github.com/cedar-policy/cedar-go"
+ "gitlab.com/mokhax/spike/pkg/policies"
)
type AbilityHandler struct {
UnimplementedAbilityServer
}
+func NewAbilityHandler() *AbilityHandler {
+ return &AbilityHandler{}
+}
+
func (h *AbilityHandler) Allowed(ctx context.Context, req *AllowRequest) (*AllowReply, error) {
- return &AllowReply{
- Result: false,
- }, nil
+ ok := policies.Allowed(cedar.Request{
+ Principal: cedar.NewEntityUID("User", cedar.String(req.Subject)),
+ Action: cedar.NewEntityUID("Action", cedar.String(req.Permission)),
+ Resource: cedar.NewEntityUID("Album", cedar.String(req.Resource)),
+ Context: cedar.NewRecord(cedar.RecordMap{}),
+ })
+ return &AllowReply{Result: ok}, nil
}
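Review bot: `Allowed` passes `req.Subject`, `req.Permission` and `req.Resource` into the Cedar request without checking them, so empty strings become entity UIDs and are denied only as long as no policy has an unconstrained `principal`, `action` or `resource` scope. It would be safer to reject them before evaluation, e.g. `if req.Subject == "" || req.Permission == "" || req.Resource == "" { return nil, status.Error(codes.InvalidArgument, "subject, permission and resource are required") }`, using the grpc `status` and `codes` packages. The "returns false" case in server_test.go would then need to expect that error instead of `NoError`. The resource type is fixed to `"Album"`, so every resource id is evaluated as an Album; if other resource kinds are planned, a comment such as `// only Album resources are supported; other types need a type field on AllowRequest` would make that limit explicit. `policies.Allowed` is defined outside this hunk, so it should be confirmed there that a policy evaluation error maps to a deny rather than being dropped.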
diff --git a/pkg/rpc/server.go b/pkg/rpc/server.go
index c78b5d4..90bfdaf 100644
--- a/pkg/rpc/server.go
+++ b/pkg/rpc/server.go
@@ -6,6 +6,6 @@ import (
func New(options ...grpc.ServerOption) *grpc.Server {
server := grpc.NewServer(options...)
- RegisterAbilityServer(server, &AbilityHandler{})
+ RegisterAbilityServer(server, NewAbilityHandler())
return server
}
diff --git a/pkg/rpc/server_test.go b/pkg/rpc/server_test.go
index 0ae0f01..266f143 100644
--- a/pkg/rpc/server_test.go
+++ b/pkg/rpc/server_test.go
@@ -31,7 +31,7 @@ func TestServer(t *testing.T) {
defer connection.Close()
client := NewAbilityClient(connection)
- t.Run("returns a result", func(t *testing.T) {
+ t.Run("returns false", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
Subject: "",
Permission: "",
@@ -40,4 +40,14 @@ func TestServer(t *testing.T) {
require.NoError(t, err)
assert.False(t, reply.Result)
})
+
+ t.Run("returns true", func(t *testing.T) {
+ reply, err := client.Allowed(t.Context(), &AllowRequest{
+ Subject: "alice",
+ Permission: "view",
+ Resource: "jane_vacation",
+ })
+ require.NoError(t, err)
+ assert.True(t, reply.Result)
+ })
}
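Review bot: The deny path is only tested with all-empty fields (the renamed "returns false" case in the previous hunk), so nothing verifies that a well-formed request from a subject without a matching permit is refused. An authorization endpoint needs at least one negative case with realistic identifiers, otherwise an over-broad policy that allows everyone would still pass this suite. A case like the one below would cover that; the subject name is a constructed example and should be replaced with one the policy set is known not to grant. The body of `TestServer` starts outside these hunks.

```go
// … unchanged: "returns false" and "returns true" cases …

// Constructed example: "mallory" stands for any subject the policy set does not grant view on jane_vacation.
t.Run("denies a subject without a matching permit", func(t *testing.T) {
	reply, err := client.Allowed(t.Context(), &AllowRequest{
		Subject:    "mallory",
		Permission: "view",
		Resource:   "jane_vacation",
	})
	require.NoError(t, err)
	assert.False(t, reply.Result)
})
```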