Implements an Authorizer that wraps casbin.

internal/auth/authorizer.go

@@ -0,0 +1,34 @@
+package auth
+
+import (
+	"fmt"
+
+	"github.com/casbin/casbin"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func New(model, policy string) *Authorizer {
+	enforcer := casbin.NewEnforcer(model, policy)
+	return &Authorizer{
+		enforcer: enforcer,
+	}
+}
+
+type Authorizer struct {
+	enforcer *casbin.Enforcer
+}
+
+func (a *Authorizer) Authorize(subject, object, action string) error {
+	if !a.enforcer.Enforce(subject, object, action) {
+		msg := fmt.Sprintf(
+			"%s not permitted to %s to %s",
+			subject,
+			action,
+			object,
+		)
+		st := status.New(codes.PermissionDenied, msg)
+		return st.Err()
+	}
+	return nil
+}