From e31ddc33417517fb754cbd7e13f8a13746bede02 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 5 Mar 2025 17:49:59 -0700
Subject: feat: add declarative policy
---
 bin/rpc | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'bin')
diff --git a/bin/rpc b/bin/rpc
index fe9a0dc..aa154c8 100755
--- a/bin/rpc
+++ b/bin/rpc
@@ -5,6 +5,7 @@ require "bundler/inline"
 gemfile do
 source "https://rubygems.org"
+ gem "declarative_policy", "~> 1.0"
 gem "grpc", "~> 1.0"
 gem "grpc-tools", "~> 1.0"
 gem "logger", "~> 1.0"
@@ -15,12 +16,27 @@ $LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
 require 'ability_services_pb'
+class ProjectPolicy < DeclarativePolicy::Base
+ condition(:owner) { @subject.owner?(@user) }
+
+ rule { owner }.enable :create_project
+end
+
 class AbilityHandler < ::Ability::Service
 def allowed(request, _call)
 puts [request, _call].inspect
- # TODO:: entrypoint to declarative policies
 GRPC.logger.info([request, _call].inspect)
+ AllowReply.new(result: true)
+ # TODO:: entrypoint to declarative policies
+ # AllowReply.new(result: policy_for(request).can?(request.permission))
+ end
+
+ private
+
+ def policy_for(request)
+ # TODO:: convert subject in form of GlobalID to Resource Type
+ DeclarativePolicy.policy_for(request.subject, request.resource)
 end
 end
--
cgit v1.2.3
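Review bot: The added `gem "declarative_policy", "~> 1.0"` line accepts any 1.x release, and an inline `gemfile do` block has no lockfile, so the version of the library that will make authorization decisions is whatever resolves on the machine running `bin/rpc`. For the policy engine I would pin an exact, reviewed version, e.g. `gem "declarative_policy", "= <reviewed version>"`. The same applies to the neighbouring `grpc` lines, which this commit does not touch. The `gemfile do` block closes outside the hunk.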
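Review bot: `allowed` now answers every request with `AllowReply.new(result: true)`, so the authorization service fails open for as long as the real policy check stays commented out. Until `policy_for(request).can?(request.permission)` is wired in, the stub should deny by default: `AllowReply.new(result: false)`. In `policy_for`, `request.subject` and `request.resource` go straight into `DeclarativePolicy.policy_for`, which takes the user first and then the object whose class selects the policy. If those fields are still GlobalID strings, as the TODO suggests, `ProjectPolicy` would presumably never be resolved, so the conversion has to land before the check is enabled. A short comment above the stub would help too, for example `# Deny by default until policy evaluation is implemented`.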