diff --git a/opa/ad/read.rego b/opa/ad/read.rego
index ed974fe..9c7adc2 100644
--- a/opa/ad/read.rego
+++ b/opa/ad/read.rego
@@ -3,7 +3,7 @@ package AD.READ
 default allow := false
 allow {
- input.userUuid == input.owner
+ input.owner == input.requester
 }
 allow {
diff --git a/src/modules/authorization/adapters/primaries/authorization.controller.ts b/src/modules/authorization/adapters/primaries/authorization.controller.ts
index b975371..cefd9be 100644
--- a/src/modules/authorization/adapters/primaries/authorization.controller.ts
+++ b/src/modules/authorization/adapters/primaries/authorization.controller.ts
@@ -25,6 +25,7 @@ export class AuthorizationController {
 @GrpcMethod('AuthorizationService', 'Decide')
 async decide(data: DecisionRequest): Promise {
 try {
+ console.log(data);
 const authorization: Authorization = await this._queryBus.execute(
 new DecisionQuery(data.uuid, data.domain, data.action, data.context),
 );
diff --git a/src/modules/authorization/domain/dtos/domain.enum.ts b/src/modules/authorization/domain/dtos/domain.enum.ts
index 1fa511a..9d24c49 100644
--- a/src/modules/authorization/domain/dtos/domain.enum.ts
+++ b/src/modules/authorization/domain/dtos/domain.enum.ts
@@ -1,4 +1,5 @@
 export enum Domain {
 USER = 'USER',
 ADMIN = 'ADMIN',
+ AD = 'AD',
 }
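Review bot: Both operands of the new comparison `input.owner == input.requester` are read from the policy input, so the rule is only as strong as whatever populates those two fields. The controller hunk in this commit passes `data.uuid` and `data.context` separately; if `owner` and `requester` both arrive through the caller-supplied context, the rule reduces to a self-assertion. Please confirm that `requester` is set server-side from the authenticated identity and cannot be overridden from the context. The rule should also reject the degenerate match where both values are present but empty, by adding `is_string(input.requester)` and `input.requester != ""` ahead of the equality. The second `allow {` rule continues outside the hunk.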
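Review bot: The added `console.log(data);` in `decide` looks like a leftover debug statement, and it writes the entire decision request (subject uuid, domain, action and the free-form context) to stdout on every call. Authorization requests carry identifiers and resource attributes that should not end up in unstructured process logs, and an unconditional dump on the decision path is noisy. I would delete the line. If a trace is wanted, log only `data.domain` and `data.action` at debug level through the logger the service already uses. The `try` block of `decide` continues outside the hunk.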