added logging

handlers/authorize.go

@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
+	"time"
 )
 
 var authService *models.CachedAuthorizationService
@@ -69,17 +70,101 @@ func AuthorizeHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Perform authorization
+	log.Printf("[Handler] Performing authorization check for user=%s, resource=%s, action=%s", ctx.UserID, ctx.Resource, ctx.Action)
 	result, err := services.AuthorizeWithCache(authService, &ctx)
 	if err != nil {
 		helper.LogError(err, "Authorization service error")
+		log.Printf("✗ Authorization service error for user=%s: %v", ctx.UserID, err)
 		helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
 		return
 	}
 
 	// Return result
 	if result.Allowed {
+		log.Printf("✓ [Handler] Authorization ALLOWED - Returning 200 OK to client")
 		helper.RespondWithJSON(w, http.StatusOK, result)
 	} else {
+		log.Printf("✗ [Handler] Authorization DENIED - Returning 403 Forbidden to client (reason: %s)", result.Message)
 		helper.RespondWithJSON(w, http.StatusForbidden, result)
 	}
 }
+
+// SimpleCheckRequest represents a simplified authorization check request
+type SimpleCheckRequest struct {
+	Resource     string            `json:"resource"`
+	Action       string            `json:"action"`
+	ResourceData map[string]string `json:"resource_data,omitempty"`
+}
+
+// SimpleCheckHandler godoc
+// @Summary Simple permission check
+// @Description Simplified endpoint to check if the authenticated user has permission for a resource/action
+// @Tags authorization
+// @Accept json
+// @Produce json
+// @Param request body SimpleCheckRequest true "Simple authorization request"
+// @Success 200 {object} map[string]interface{}
+// @Failure 400 {object} map[string]string
+// @Failure 401 {object} map[string]string
+// @Failure 403 {object} map[string]interface{}
+// @Security BearerToken
+// @Router /v1/auth/simple-check [post]
+func SimpleCheckHandler(w http.ResponseWriter, r *http.Request) {
+	// Get claims from JWT middleware
+	claims, ok := middleware.GetClaims(r)
+	if !ok {
+		helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized")
+		return
+	}
+
+	var req SimpleCheckRequest
+	err := json.NewDecoder(r.Body).Decode(&req)
+	if err != nil {
+		helper.RespondWithError(w, http.StatusBadRequest, "Invalid request payload")
+		return
+	}
+
+	// Validate request
+	if req.Resource == "" || req.Action == "" {
+		helper.RespondWithError(w, http.StatusBadRequest, "Missing required fields: resource, action")
+		return
+	}
+
+	log.Printf("[SimpleCheck] Authorization request for user=%s, resource=%s, action=%s",
+		claims.UserID, req.Resource, req.Action)
+
+	// Build authorization context
+	ctx := &models.AuthorizationContext{
+		UserID:       claims.UserID,
+		Resource:     req.Resource,
+		Action:       req.Action,
+		ResourceData: req.ResourceData,
+		Environment:  make(map[string]string),
+	}
+
+	// Add current time to environment
+	ctx.Environment["time"] = time.Now().Format(time.RFC3339)
+
+	// Use the direct Authorize function (non-cached)
+	log.Printf("[SimpleCheck] Using direct (non-cached) authorization")
+	result, err := services.Authorize(ctx)
+	if err != nil {
+		helper.LogError(err, "Simple authorization check error")
+		log.Printf("✗ Simple authorization check error for user=%s: %v", claims.UserID, err)
+		helper.RespondWithError(w, http.StatusInternalServerError, "Authorization check failed")
+		return
+	}
+
+	response := map[string]interface{}{
+		"allowed": result.Allowed,
+		"message": result.Message,
+	}
+
+	if result.Allowed {
+		log.Printf("✓ [SimpleCheck] Authorization ALLOWED for user=%s", claims.UserID)
+		helper.RespondWithJSON(w, http.StatusOK, response)
+	} else {
+		log.Printf("✗ [SimpleCheck] Authorization DENIED for user=%s - Reason: %s", claims.UserID, result.Message)
+		helper.RespondWithJSON(w, http.StatusForbidden, response)
+	}
+}