right model

ceramicnetwork · Jul 16, 2024 · b286990 · b286990
1 parent 1f790ae
commit b286990
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/api/src/auth.rs b/api/src/auth.rs
@@ -129,11 +129,17 @@ fn authenticate_biscuit(biscuit: &Biscuit, operation: &Operation, resource: &str
     let mut auth = authorizer!(r#"
         operation({operation});
         resource({resource});
+        model({resource}, "kjzl6hvfrbw6cadyci5lvsff4jxl1idffrp2ld3i0k1znz0b3k67abkmtf7p7q3"); // FIXME
 
         is_allowed($user, $res) <-
             user($user),
             resource($res),
             right($user, $res);
+        is_allowed($user, $res) <-
+            user($user),
+            resource($res),
+            model($res, $model),
+            rightModel($user, $model);
 
         allow if is_allowed($user, $resource);
     "#,
@@ -142,6 +148,7 @@ fn authenticate_biscuit(biscuit: &Biscuit, operation: &Operation, resource: &str
     );
     auth.set_time();
     auth.add_token(biscuit).map_err(|e| format!("Failed to authorize biscuit: {e}"))?;
+    println!("debug:biscuit {}", auth.to_string());
     auth.authorize().map_err(|e| format!("Failed to authorize: {e}"))?;
     Ok(())
 }