Skip to content

Commit 32add98

Browse files
committed
use enforcer
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 838f00c commit 32add98

1 file changed

Lines changed: 9 additions & 12 deletions

File tree

app/controlplane/internal/service/service.go

Lines changed: 9 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -331,22 +331,19 @@ func (s *service) visibleProjects(ctx context.Context) []uuid.UUID {
331331

332332
// checkPolicy Checks a policy against a user or a token
333333
func (s *service) checkPolicy(ctx context.Context, policy *authz.Policy) error {
334-
_, token, err := requireCurrentUserOrAPIToken(ctx)
335-
if err != nil {
336-
return err
337-
}
338-
339334
// Token case
340-
if token != nil {
341-
for _, p := range token.Policies {
342-
if p.Resource == policy.Resource && p.Action == policy.Action {
343-
return nil
344-
}
335+
sub := usercontext.CurrentAuthzSubject(ctx)
336+
if sub != "" {
337+
ok, err := s.authz.Enforce(ctx, sub, policy)
338+
if err != nil {
339+
return handleUseCaseErr(err, s.log)
340+
}
341+
if ok {
342+
return nil
345343
}
346-
return errors.Forbidden("forbidden", "not allowed")
347344
}
348345

349-
// user case
346+
// Other cases
350347
m := entities.CurrentMembership(ctx)
351348
if m == nil {
352349
return errors.Forbidden("forbidden", "not allowed")

0 commit comments

Comments
 (0)