| author | Max Resnick <max@ofmax.li> | 2022-11-11 14:01:30 -0800 |
|---|---|---|
| committer | Max Resnick <max@ofmax.li> | 2022-11-11 14:01:30 -0800 |
| commit | 301b7abdf48f843975f02a675fa7995886629eb3 (patch) | |
| tree | 17756e9534582cbae4381c9b86572c8f375e700b | |
| parent | c55145f51542f2409c2822a60f99f9e3208214df (diff) | |
| download | go-git-server-301b7abdf48f843975f02a675fa7995886629eb3.tar.gz | |
Adding some TODOs
Diffstat (limited to '')
| -rw-r--r-- | auth_model.ini | 14 | ||||
| -rw-r--r-- | main.go | 2 | ||||
| -rw-r--r-- | policy.csv | 9 |
3 files changed, 25 insertions, 0 deletions
diff --git a/auth_model.ini b/auth_model.ini
new file mode 100644
index 0000000..9ca4b92
--- /dev/null
+++ b/auth_model.ini
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
@@ -27,6 +27,7 @@ var (
 // LoadTokens load tokens from a csv into a map
 func LoadTokens() (map[string]string, error) {
 tokenMap := make(map[string]string)
+ // TODO this should be configurable
 contents, err := os.Open("tokens.csv")
 if err != nil {
 fmt.Println("File reading error", err)
@@ -139,6 +140,7 @@ func Authorization(enf *casbin.Enforcer, next http.Handler) http.Handler {
 }
 func main() {
+ // TODO this should be configurable
 enf, _ := casbin.NewEnforcer("./auth_model.ini", "./policy.csv")
 flag.Parse()
 if *newToken {
diff --git a/policy.csv b/policy.csv
new file mode 100644
index 0000000..0722f5e
--- /dev/null
+++ b/policy.csv
@@ -0,0 +1,9 @@
+p,role:admin,config,admin
+p,role:maintainers,/cch/info/refs,GET
+p,role:maintainers,/cch/git-upload-pack,POST
+p,role:maintainers,*,write
+
+g,role:admin,role:maintainers
+
+g,admin,role:admin
+g,uid:grumps,role:maintainers
|
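Review bot: In auth_model.ini the matcher compares objects with plain equality (`r.obj == p.obj`), so a policy object of `*` — which this commit's policy.csv uses in `p,role:maintainers,*,write` — only matches a request whose object is the literal string `*`. If a wildcard is intended, the matcher needs a pattern function, e.g. `m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && r.act == p.act`; if it is not, the `*` rule should be dropped so the policy does not read as a grant that never fires. The mismatch fails closed today, but it makes the policy file misleading to audit.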
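Review bot: The TODO added in LoadTokens (first main.go hunk) does not say what should be configurable or why; `os.Open("tokens.csv")` resolves against the process working directory, so which credential file is loaded depends on where the server is started. I would spell that out, e.g. `// TODO: take the token file path from a flag or env var; "tokens.csv" is resolved against the working directory`. The same wording gap applies to the TODO added in main() for the casbin model and policy paths. LoadTokens continues past the end of the hunk.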
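Review bot: In main() (second main.go hunk) the error from `casbin.NewEnforcer` is discarded with `_`, so a missing or malformed `./auth_model.ini` or `./policy.csv` — both newly added here and both relative paths — is not reported at startup. What the Authorization middleware then does with that enforcer is not visible in this hunk, but an authorization layer should refuse to start rather than run with an unloaded policy: `enf, err := casbin.NewEnforcer("./auth_model.ini", "./policy.csv")` followed by `if err != nil { log.Fatalf("loading casbin model/policy: %v", err) }` (assuming `log` is or can be imported). main() continues past the end of the hunk.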
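Review bot: In policy.csv the grouping line `g,admin,role:admin` binds a bare subject name, while the other user binding is namespaced (`g,uid:grumps,role:maintainers`). Casbin keeps users and roles in one namespace and `g(x, x)` is true, so with the `g(r.sub, p.sub)` matcher a request subject equal to `admin` — or to a role name such as `role:maintainers` — is authorized directly; this is safe only if the middleware always prefixes authenticated subjects with `uid:`, which is not visible here. I would write `g,uid:admin,role:admin` and have the code that builds `r.sub` add the prefix unconditionally. The object paths `/cch/info/refs` and `/cch/git-upload-pack` also hard-code one repository, which may be intentional at this stage.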