From f3e8f7afd98152de680c82fbc128b796a655fddb Mon Sep 17 00:00:00 2001
From: Daniel Ponte <amigan@gmail.com>
Date: Tue, 4 Feb 2025 09:25:07 -0500
Subject: [PATCH] shares start public

---
 pkg/rbac/policy/policy.go | 10 ++++------
 pkg/shares/store.go       |  5 +++++
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/rbac/policy/policy.go b/pkg/rbac/policy/policy.go
index 16addcc..6cf50c1 100644
--- a/pkg/rbac/policy/policy.go
+++ b/pkg/rbac/policy/policy.go
@@ -112,13 +112,11 @@ var Policy = &restrict.PolicyDefinition{
 			Parents:     []string{entities.RoleAdmin},
 		},
 		entities.RolePublic: {
-			/*
-				Grants: restrict.GrantsMap{
-					entities.ResourceShare: {
-						&restrict.Permission{Action: entities.ActionRead},
-					},
+			Grants: restrict.GrantsMap{
+				entities.ResourceShare: {
+					&restrict.Permission{Action: entities.ActionRead},
 				},
-			*/
+			},
 		},
 	},
 	PermissionPresets: restrict.PermissionPresets{
diff --git a/pkg/shares/store.go b/pkg/shares/store.go
index 11e7e2f..14287a7 100644
--- a/pkg/shares/store.go
+++ b/pkg/shares/store.go
@@ -48,6 +48,11 @@ func recToShare(share database.Share) *Share {
 }
 
 func (s *postgresStore) GetShare(ctx context.Context, id string) (*Share, error) {
+	_, err := rbac.Check(ctx, rbac.UseResource(entities.ResourceShare), rbac.WithActions(entities.ActionRead))
+	if err != nil {
+		return nil, err
+	}
+
 	db := database.FromCtx(ctx)
 	rec, err := db.GetShare(ctx, id)
 	switch err {