Diffstat (limited to 'crates/secd/src/client')
-rw-r--r--crates/secd/src/client/spice/mod.rs38
1 files changed, 36 insertions, 2 deletions
diff --git a/crates/secd/src/client/spice/mod.rs b/crates/secd/src/client/spice/mod.rs
index 67965d7..f24a512 100644
--- a/crates/secd/src/client/spice/mod.rs
+++ b/crates/secd/src/client/spice/mod.rs
@@ -14,7 +14,7 @@ use spice::WriteSchemaRequest;
use std::matches;
use tonic::metadata::MetadataValue;
use tonic::transport::Channel;
-use tonic::{Request, Status};
+use tonic::{Request, Response, Status, Streaming};
use crate::auth::z::{self, Subject};
use crate::client::spice::spice::{
@@ -22,7 +22,10 @@ use crate::client::spice::spice::{
};
use self::spice::check_permission_response::Permissionship;
-use self::spice::{consistency, CheckPermissionRequest, Consistency, WriteRelationshipsRequest};
+use self::spice::{
+ consistency, CheckPermissionRequest, Consistency, LookupResourcesRequest,
+ LookupResourcesResponse, WriteRelationshipsRequest,
+};
#[derive(Debug, thiserror::Error, derive_more::Display)]
pub enum SpiceError {
@@ -46,6 +49,37 @@ impl Spice {
Spice { channel, secret }
}
+ pub async fn lookup_resources(
+ &self,
+ ns: &str,
+ relation: &str,
+ subj: &Subject,
+ ) -> Result<Vec<String>, SpiceError> {
+ let mut client =
+ PermissionsServiceClient::with_interceptor(self.channel.clone(), |req: Request<()>| {
+ self.intercept(req)
+ });
+
+ let request = tonic::Request::new(LookupResourcesRequest {
+ consistency: Some(Consistency {
+ requirement: Some(consistency::Requirement::MinimizeLatency(true)),
+ }),
+ resource_object_type: ns.to_string(),
+ permission: relation.to_string(),
+ subject: Some(SubjectReference::from(subj)),
+ context: None,
+ });
+
+ let mut res = vec![];
+ let mut response: Streaming<LookupResourcesResponse> =
+ client.lookup_resources(request).await?.into_inner();
+ if let Some(d) = response.message().await? {
+ res.push(d.resource_object_id);
+ }
+
+ Ok(res)
+ }
+
pub async fn check_permission(&self, r: &z::Relationship) -> Result<bool, SpiceError> {
let mut client =
PermissionsServiceClient::with_interceptor(self.channel.clone(), |req: Request<()>| {
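Review bot: In the new `lookup_resources`, `if let Some(d) = response.message().await?` reads only the first message of the `Streaming<LookupResourcesResponse>`, so the returned `Vec` holds at most one resource id, however many resources the subject has the permission on. Callers that use the list to decide what a subject may see will get a silently truncated answer; draining the stream fixes it: `while let Some(d) = response.message().await? { res.push(d.resource_object_id); }`. Separately, the request uses `consistency::Requirement::MinimizeLatency(true)`, which lets the server answer from a cached snapshot, so a relationship that was just revoked may still be listed. I would add a doc comment on the function such as `/// Results may be stale (minimize-latency consistency); re-check with check_permission before granting access.`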