class StytchB2B::PolicyCache

def perform_authorization_check(

Performs an authorization check against the project's policy and a set of roles. If the
check succeeds, this method will return. If the check fails, a PermissionError
will be raised. It's also possible for a TenancyError to be raised if the
subject_org_id does not match the authZ request organization_id.
authorization_check is an object with keys 'action', 'resource_id', and 'organization_id'
# Checks one authorization request against the project's policy for a subject
# holding the given roles.
#
# A permission grants the request when its 'resource_id' equals the requested
# resource exactly and its 'actions' list contains either the requested action
# or the wildcard '*'. The wildcard applies to actions only.
#
# @param subject_roles [#include?] role ids held by the subject
# @param subject_org_id organization id the subject belongs to
# @param authorization_check [Hash] read with the string keys 'action',
#   'resource_id' and 'organization_id'
# @return [nil] when a role held by the subject grants the request
# @raise [Stytch::TenancyError] when the request's organization id differs
#   from subject_org_id
# @raise [Stytch::PermissionError] when no held role grants the request
def perform_authorization_check(
  subject_roles:,
  subject_org_id:,
  authorization_check:
)
  # The tenancy gate runs before the policy is fetched, so a request aimed at
  # another organization is rejected without evaluating any role.
  # NOTE(review): two nil ids compare equal and pass this gate; confirm that
  # callers always supply both organization ids.
  requested_org = authorization_check['organization_id']
  raise Stytch::TenancyError.new(subject_org_id, requested_org) unless requested_org == subject_org_id

  policy = get_policy
  wanted_action = authorization_check['action']
  wanted_resource = authorization_check['resource_id']

  policy['roles'].each do |role|
    # Roles the subject does not hold contribute nothing.
    next unless subject_roles.include?(role['role_id'])

    role['permissions'].each do |permission|
      granted_actions = permission['actions']
      action_ok = granted_actions.include?('*') || granted_actions.include?(wanted_action)
      resource_ok = permission['resource_id'] == wanted_resource
      # First matching permission authorizes the request.
      return if action_ok && resource_ok
    end
  end

  # Default deny: nothing in the subject's roles matched.
  raise Stytch::PermissionError, authorization_check
end