Check owner permissions in resolvers (#291)

* check permissions against ownerID, rather than resource

Signed-off-by: Matt Siwiec <[email protected]>

* establish permissions auth-relationship in ports

Signed-off-by: Matt Siwiec <[email protected]>

---------

Signed-off-by: Matt Siwiec <[email protected]>

internal/ent/schema/port.go

@@ -58,6 +58,7 @@ func (Port) Fields() []ent.Field {
 			Annotations(
 				entgql.Type("ID"),
 				entgql.Skip(entgql.SkipWhereInput, entgql.SkipMutationUpdateInput),
+				pubsubinfo.EventsHookAdditionalSubject("loadbalancer"),
 			),
 	}
 }

internal/manualhooks/hooks.go

@@ -1002,6 +1002,11 @@ func PortHooks() []ent.Hook {
 						})
 					}
 
+					relationships = append(relationships, events.AuthRelationshipRelation{
+						Relation:  "loadbalancer",
+						SubjectID: load_balancer_id,
+					})
+
 					msg := events.ChangeMessage{
 						EventType:            eventType(m.Op()),
 						SubjectID:            objID,
@@ -1089,6 +1094,11 @@ func PortHooks() []ent.Hook {
 					additionalSubjects = append(additionalSubjects, dbObj.Edges.LoadBalancer.OwnerID)
 					additionalSubjects = append(additionalSubjects, dbObj.Edges.LoadBalancer.ProviderID)
 
+					relationships = append(relationships, events.AuthRelationshipRelation{
+						Relation:  "loadbalancer",
+						SubjectID: dbObj.LoadBalancerID,
+					})
+
 					// we have all the info we need, now complete the mutation before we process the event
 					retValue, err := next.Mutate(ctx, m)
 					if err != nil {