From eb92f823c31a5e702af7005231f0d6915aad3342 Mon Sep 17 00:00:00 2001 From: benj Date: Mon, 24 Apr 2023 13:24:45 -0700 Subject: email templates, sendgrid, creds, and some experimental things Started playing with namespace configs and integrating with zanzibar impls. Still lot's of experimenting and dead code going on. --- crates/secd/src/auth/z/mod.rs | 88 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 crates/secd/src/auth/z/mod.rs (limited to 'crates/secd/src/auth/z/mod.rs') diff --git a/crates/secd/src/auth/z/mod.rs b/crates/secd/src/auth/z/mod.rs new file mode 100644 index 0000000..b364583 --- /dev/null +++ b/crates/secd/src/auth/z/mod.rs 
@@ -0,0 +1,88 @@
+mod graph;
+
+use crate::{Authorization, Secd, SecdError};
+use async_trait::async_trait;
+use uuid::Uuid;
+
+pub type Namespace = String;
+pub type Object = (Namespace, Uuid);
+pub type Relation = String;
+
+pub struct Relationship {
+ pub subject: Subject,
+ pub object: Object,
+ pub relation: Relation,
+}
+
+#[derive(Clone)]
+pub enum Subject {
+ User(Object),
+ UserSet { user: Object, relation: Relation },
+}
+
+#[async_trait]
+impl Authorization for Secd {
+ async fn check(&self, r: &Relationship) -> Result {
+ let spice = self
+ .spice
+ .clone()
+ .expect("TODO: only supports postgres right now");
+
+ Ok(spice.check_permission(r).await?)
+ }
+ async fn expand(&self) -> Result<(), SecdError> {
+ todo!()
+ }
+ async fn read(&self) -> Result<(), SecdError> {
+ todo!()
+ }
+ async fn watch(&self) -> Result<(), SecdError> {
+ unimplemented!()
+ }
+ async fn write(&self, ts: &[Relationship]) -> Result<(), SecdError> {
+ let spice = self
+ .spice
+ .clone()
+ .expect("TODO: only supports postgres right now");
+
+ // Since spice doesn't really have a great schema pattern, we
+ // prefix all incoming write relationships with an r_ to indicate
+ // they are "relationships" rather than what spice calls permissions
+ spice
+ .write_relationship(
+ &ts.into_iter()
+ .map(|r| Relationship {
+ subject: r.subject.clone(),
+ object: r.object.clone(),
+ relation: format!("r_{}", r.relation),
+ })
+ .collect::>(),
+ )
+ .await?;
+ Ok(())
+ }
+}
+
+enum RelationToken {
+ Start,
+ Or,
+ And,
+ Exclude,
+}
+struct RelationContainer {
+ name: Relation,
+ bins: Vec<(RelationToken, Relation)>,
+}
+
+struct NamespaceContainer {
+ relations: Vec,
+}
+
+impl Secd {
+ async fn write_namespace(&self, ns: &NamespaceContainer) -> Result<(), SecdError> {
+ todo!()
+ }
+ async fn read_namespace(&self) -> Result {
+ todo!()
+ }
+}
-- cgit v1.2.3
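Review bot: Both `check` and `write` unwrap `self.spice` with `.expect("TODO: only supports postgres right now")`, so a `Secd` constructed without a SpiceDB client panics on its first authorization call instead of reporting the failure through the trait's `Result`; `let Some(spice) = self.spice.clone() else { return Err(/* backend-not-configured SecdError */) };` keeps the failure on the error path that callers already handle (the exact variant depends on `SecdError`, which is not visible here). The `r_` prefix is applied only in `write`, so a `Relationship` that was just written cannot be checked back with the same value because `check` forwards `r.relation` verbatim; if that asymmetry is intended (checks target what SpiceDB calls permissions, writes target relations) it should be stated on the impl, e.g. `/// write() stores relations as "r_<name>"; check() passes the relation/permission name through unchanged.`, otherwise `check` needs the same mapping. Because `Relation` and `Namespace` are bare `String`s, nothing stops a caller from passing an already-prefixed or permission-named relation, so a newtype that performs the prefixing once would make the convention enforceable rather than documentary. The missing generics on `Result {`, `.collect::>()` and `Vec,` look like rendering loss in this listing rather than defects in the committed code.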