From 8ca3433b2a4a82723e00e64b1e5aff0b1bed95b3 Mon Sep 17 00:00:00 2001
From: benj
Date: Fri, 30 Dec 2022 15:57:36 -0800
Subject: impl authZ write and check (depends on spicedb for now)
---
 crates/iam/src/main.rs | 53 ++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 45 insertions(+), 8 deletions(-)
 (limited to 'crates/iam')
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index ce72072..c2ab5a3 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -4,14 +4,13 @@ mod util;
 use anyhow::bail;
 use api::{
- AdminAction, AdminObject, Args, CliError, Command, CreateObject, DevObject, GetObject,
- LinkObject, ListObject, Validation,
+ AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, LinkObject,
+ ListObject,
 };
 use clap::Parser;
 use command::dev_oauth2_listen;
 use env_logger::Env;
-use secd::{Secd, SecdError, ENV_AUTH_STORE_CONN_STRING};
-use std::str::FromStr;
+use secd::{auth::z, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET, ENV_SPICE_SERVER};
 use util::{error_detail, Result};
 use uuid::Uuid;
@@ -53,12 +52,50 @@ async fn exec() -> Result> {
 // let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
 std::env::set_var(
 ENV_AUTH_STORE_CONN_STRING,
- "sqlite:///tmp/store.db?mode=rwc",
- // "postgresql://secduser:p4ssw0rd@localhost:5412/secd",
+ "postgresql://secduser:p4ssw0rd@localhost:5412/secd",
 );
- let secd = Secd::init()
+ std::env::set_var(ENV_SPICE_SECRET, "sup3rs3cr3tk3y");
+ std::env::set_var(ENV_SPICE_SERVER, "http://[::1]:50051");
+
+ let secd = Secd::init(Some(
+ "definition user {}\ndefinition organization {\n relation member: user \n }\n",
+ ))
+ .await
+ .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+
+ secd.write(&vec![z::Relationship {
+ subject: z::Subject::User((
+ "user".into(),
+ Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
+ )),
+ object: (
+ "organization".into(),
+ Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
+ ),
+ relation: "member".into(),
+ }])
+ .await
+ .unwrap();
+
+ let y = match secd
+ .check(&z::Relationship {
+ subject: z::Subject::User((
+ "user".into(),
+ Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
+ )),
+ object: (
+ "organization".into(),
+ Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
+ ),
+ relation: "memb".into(),
+ })
 .await
- .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+ {
+ Ok(v) => v,
+ Err(e) => panic!("fooooooooooooooooooooooooooooooooooooooooooooooo"),
+ };
+
+ println!("DID I HAZ IT? {:#?}", y);
 match rest {
 Command::Admin { action } => admin(&secd, action).await?,
-- cgit v1.2.3
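Review bot: The new `set_var` calls at the top of the hunk bake a database password (`postgresql://secduser:p4ssw0rd@…`) and the SpiceDB pre-shared key (`"sup3rs3cr3tk3y"`) into the binary and into git history, and because they overwrite whatever the operator exported, the real credentials can never be supplied without a rebuild — the old sqlite default had the same override problem but at least carried no secret. I would delete the three `set_var` lines together with the connection-string literal and instead require the values from the environment (or from the profile that the commented-out `util::read_config` line was presumably meant to load), e.g. `for var in [ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SERVER, ENV_SPICE_SECRET] { if std::env::var_os(var).is_none() { bail!("{var} is not set"); } }` using the `bail` already imported (or the nearest `CliError` variant if `util::Result` is not anyhow-based), and then rotate both secrets since they are now public. The write/check block that follows reads as debug scaffolding that should not ship in `exec`: `.unwrap()` on the write, `Err(e) => panic!("foo…")` discards the error it binds, `println!("DID I HAZ IT? …")` goes to stdout, and the check asks for relation `"memb"` while the write granted `"member"`, so it can only ever answer false or fail. Note also that `std::env::set_var` is not safe once other threads exist, which the async runtime driving `exec` presumably spawns — another reason to read the environment here rather than write it. `exec` begins before this hunk and continues past the `match rest` line.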