fixup! Use SpiceDB for lease-related auth checks

dannyeldridge · dannyeldridge · commit 7335a62fc01b · 2025-03-07T11:31:14.000-08:00
diff --git a/lib/declarative_authorization/authorization.rb b/lib/declarative_authorization/authorization.rb
@@ -267,7 +267,7 @@ def permit!(privilege, options = {})
               # Check if the lease document is a renewal
               response = @auth_service.lookup_subjects(
                 resource_type: "lease_document",
-                resource_id: options[:object]&.lease_uuid,
+                resource_id: options[:object]&.lease_document_uuid,
                 permission: "renewal",
                 subject_type: "lease_document",
               )
@@ -285,6 +285,8 @@ def permit!(privilege, options = {})
             end
             
             if condition_matched
+              # For now, we will assume each rule's conditions are OR'd together. This is not the case
+              # for all rules, but it's the most common case and a good starting point.
               puts "  At least one matching condition found, checking spicedb"
               
               authorized = @auth_service.check_permission(
