From 3f54e2fc59f21029813863491b37e39bb6015115 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Wed, 2 Apr 2025 11:23:47 -0600
Subject: refactor: move policies and entities in policies package

---
 pkg/policies/init.go | 54 ++++++++++++++++++++++++++--------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)
(limited to 'pkg/policies/init.go')

diff --git a/pkg/policies/init.go b/pkg/policies/init.go
index d455cb8..cabfbec 100644
--- a/pkg/policies/init.go
+++ b/pkg/policies/init.go
@@ -3,33 +3,21 @@ package policies
 import (
 "embed"
 _ "embed"
- "encoding/json"
+ "fmt"
 "io/fs"
 "log"
+ "strings"
 
 "github.com/cedar-policy/cedar-go"
 "github.com/cedar-policy/cedar-go/types"
- "github.com/xlgmokha/x/pkg/x"
 xlog "gitlab.com/mokhax/spike/pkg/log"
 )
 
-//go:embed *.cedar
+//go:embed *.cedar *.json
 var files embed.FS
 
 var All *cedar.PolicySet = cedar.NewPolicySet()
-
-const entitiesJSON = `[
- {
- "uid": { "type": "User", "id": "alice" },
- "attrs": { "age": 18 },
- "parents": []
- },
- {
- "uid": { "type": "Photo", "id": "VacationPhoto94.jpg" },
- "attrs": {},
- "parents": [{ "type": "Album", "id": "jane_vacation" }]
- }
-]`
+var Entities cedar.EntityMap = cedar.EntityMap{}
 
 func init() {
 err := fs.WalkDir(files, ".", func(path string, d fs.DirEntry, err error) error {
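Review bot: `var Entities cedar.EntityMap = cedar.EntityMap{}` spells the type twice; `var Entities = cedar.EntityMap{}` reads the same and is the form a gofmt/staticcheck-style review expects. `All` and `Entities` are now both exported, mutable package state that `init` fills and `Allowed` reads, so a doc comment on each would make the contract explicit, e.g. `// Entities is the entity store decoded from the embedded *.json files at package init; it is not meant to be modified afterwards.` The `_ "embed"` blank import next to `"embed"` predates this change but could be dropped in the same cleanup, since the named import already keeps the package linked.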
@@ -41,17 +29,30 @@ func init() {
 return nil
 }
 
- content, err := fs.ReadFile(files, path)
- if err != nil {
- return err
- }
+ if strings.HasSuffix(path, ".cedar") {
+ content, err := fs.ReadFile(files, path)
+ if err != nil {
+ return err
+ }
 
- var policy cedar.Policy
- if err := policy.UnmarshalCedar(content); err != nil {
- return err
+ policy := cedar.Policy{}
+ if err := policy.UnmarshalCedar(content); err != nil {
+ return err
+ }
+ policy.SetFilename(path)
+
+ All.Add(cedar.PolicyID(path), &policy)
+ } else if strings.HasSuffix(path, ".json") {
+ content, err := fs.ReadFile(files, path)
+ if err != nil {
+ return err
+ }
+
+ if err := Entities.UnmarshalJSON(content); err != nil {
+ return err
+ }
 }
 
- All.Add(cedar.PolicyID(path), &policy)
 
 return nil
 })
@@ -61,10 +62,9 @@ func init() {
 }
 
 func Allowed(request cedar.Request) bool {
- var entities cedar.EntityMap
- x.Check(json.Unmarshal([]byte(entitiesJSON), &entities))
+ ok, diagnostic := All.IsAuthorized(Entities, request)
+ fmt.Printf("%v: %v -> %v %v%v\n", ok, request.Principal, request.Action, request.Context.Map(), request.Resource)
 
- ok, diagnostic := All.IsAuthorized(entities, request)
 if len(diagnostic.Errors) > 0 {
 for err := range diagnostic.Errors {
 xlog.Default.Printf("%v\n", err)
-- 
cgit v1.2.3
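Review bot: `Entities.UnmarshalJSON(content)` in the `.json` branch runs once per embedded JSON file, and if cedar-go's `EntityMap.UnmarshalJSON` decodes into a fresh map rather than merging (it appears to), a second `.json` file replaces everything loaded from the first, so the entity store silently depends on walk order. Either keep the embed pattern to a single entities file and say so, or decode each file into a local map and copy its entries into `Entities`, rejecting a duplicate UID so two files cannot quietly override each other's attributes or parents. The callback also ignores any embedded file with another suffix; that is fine while only `*.cedar *.json` are embedded, but a comment such as `// only .cedar policies and .json entity files are embedded; anything else is skipped` would record the assumption. The walk callback's opening lines are outside the hunk.

```go
		} else if strings.HasSuffix(path, ".json") {
			// … unchanged: fs.ReadFile and its error check …

			var loaded cedar.EntityMap
			if err := loaded.UnmarshalJSON(content); err != nil {
				return err
			}
			// merge rather than replace so several entity files can coexist;
			// a UID defined twice is treated as a configuration error
			for uid, ent := range loaded {
				if _, dup := Entities[uid]; dup {
					return fmt.Errorf("duplicate entity %v in %s", uid, path)
				}
				Entities[uid] = ent
			}
		}
```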
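Review bot: The new `fmt.Printf` in `Allowed` writes every authorization decision — principal, action, the full `request.Context.Map()` and resource — to stdout on each call, bypassing the `xlog` logger the same function uses two lines later. Request context can carry attributes that should not land in an unstructured stdout stream, and the line reads like leftover debugging; either drop it or route it through `xlog.Default.Printf(...)` with the same arguments so it follows the logger's configuration. Separately, `for err := range diagnostic.Errors` ranges with a single variable, so if `Errors` is a slice `err` is the index and the log line prints `0`, `1`, … instead of the error; `for _, err := range diagnostic.Errors {` is likely what was meant, though that line predates this commit. `Allowed`'s body continues past the end of the hunk.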