Commit 064d14b
Changed files (5)
bin/idp
@@ -167,7 +167,14 @@ module Authn
end
def to_global_id
- ::GlobalID.create(self, app: "example").to_s
+ ::GlobalID.new(
+ ::URI::GID.build(
+ app: "example",
+ model_name: "User",
+ model_id: id,
+ params: {}
+ )
+ ).to_s
end
end
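Review bot: Hard-coding `model_name: "User"` in `to_global_id` detaches the identifier from the class that issues it. The resulting `gid://example/User/<id>` no longer names `Authn::User`, and would point at a different record if a top-level `User` constant ever exists. The expectation in test/e2e_test.go shows this also changes the `sub` claim of issued tokens, so any consumer that stored or matched the old `gid://example/Authn::User/<id>` subject would stop recognising the same user; no migration for that is visible in these hunks. I would state the intent above the method, e.g. `# Stable external subject id shared with the policy engine; deliberately not the Ruby class name and not meant for GlobalID::Locator.`, and move `"User"` into a named constant. The enclosing class starts outside the hunk.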
pkg/app/app.go
@@ -7,7 +7,7 @@ import (
)
func Start(bindAddr string) error {
- mux := authz.HTTP(authz.WithCasbin(), Routes())
+ mux := authz.HTTP(authz.WithCedar(), Routes())
return srv.Run(cfg.New(
bindAddr,
cfg.WithMux(mux),
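Review bot: `authz.WithCedar()` takes no arguments and returns nothing that `Start` can check, so a policy set that fails to load or parse cannot surface as an error at this call site. This line swaps the authorization backend for every route in `Routes()`, so confirm that the option fails closed (denies everything) in that case rather than serving with an empty or partial policy set. Once confirmed, record it next to the call, e.g. `// Cedar policies are loaded inside authz.WithCedar; a request is denied unless a policy permits it.` Whether every rule previously enforced through Casbin has a Cedar counterpart cannot be verified from this hunk. The body of `Start` continues past the hunk.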
pkg/policies/organization.cedar
@@ -1,5 +1,5 @@
permit (
principal == User::"1",
action == Permission::"read",
- resource in Organization::"2"
+ resource == Organization::"2"
);
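Review bot: Replacing `in` with `==` narrows this permit from `Organization::"2"` plus everything beneath it in the entity hierarchy to the organization entity alone, and nothing in the policy says whether that is intended. If callers previously relied on this rule to read resources that belong to the organization, those requests would now be denied unless they have their own policy. A one-line comment above the statement would pin the intent, e.g. `// Grants read on the organization entity only; resources inside it need their own policy.` The literal ids `User::"1"` and `Organization::"2"` look like fixture data, so it is also worth confirming this file is not part of the policy set loaded outside tests.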
pkg/rpc/server_test.go
@@ -43,9 +43,9 @@ func TestServer(t *testing.T) {
t.Run("allows alice:view:jane_vacation", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/alice",
+ Subject: "gid://example/User/alice",
Permission: "view",
- Resource: "gid://Album/jane_vacation",
+ Resource: "gid://example/Album/jane_vacation",
})
require.NoError(t, err)
assert.True(t, reply.Result)
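Review bot: Both updated subtests here and in the next hunk (`-53,9`) assert only the allow path, so nothing visible checks that the old un-prefixed identifiers are now refused or that the tightened Cedar rule denies anything. After a change of identifier format and authorization engine, a request such as `gid://User/1` being silently accepted would be the regression to catch. I would add a deny case next to each allow case. The sketch below assumes the server answers with `Result == false`; if it rejects the legacy form with an error, assert on the error instead. `TestServer` starts and continues outside the hunk.

```go
// … unchanged: existing "allows …" subtests …
t.Run("denies legacy gid://User/1 read gid://Organization/2", func(t *testing.T) {
	reply, err := client.Allowed(t.Context(), &AllowRequest{
		Subject:    "gid://User/1",
		Permission: "read",
		Resource:   "gid://Organization/2",
	})
	require.NoError(t, err)
	assert.False(t, reply.Result)
})
```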
@@ -53,9 +53,9 @@ func TestServer(t *testing.T) {
t.Run("allows gid://User/1 read gid://Organization/2", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
- Subject: "gid://User/1",
+ Subject: "gid://example/User/1",
Permission: "read",
- Resource: "gid://Organization/2",
+ Resource: "gid://example/Organization/2",
})
require.NoError(t, err)
assert.True(t, reply.Result)
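Review bot: The subtest name still spells the old identifier form (`"allows gid://User/1 read gid://Organization/2"`) while the request body now sends the `gid://example/...` form. A failure report would therefore name identifiers the test no longer uses. Renaming it keeps the output honest: `t.Run("allows gid://example/User/1 read gid://example/Organization/2", func(t *testing.T) {`.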
test/e2e_test.go
@@ -322,7 +322,7 @@ func TestAuthx(t *testing.T) {
claims := x.Must(serde.FromJSON[map[string]interface{}](response.Body))
assert.Equal(t, true, claims["active"])
- assert.Equal(t, "gid://example/Authn::User/1", claims["sub"])
+ assert.Equal(t, "gid://example/User/1", claims["sub"])
})
})
})