fix: provide roleScopingEntityURN in config

Dockerfile

@@ -25,10 +25,7 @@ USER node
 ARG APP_HOME=/home/node/srv
 WORKDIR $APP_HOME
 
-COPY package.json package.json
-COPY package-lock.json package-lock.json
-
-COPY --chown=node:node . $APP_HOME
+COPY --chown=node:node ./cfg $APP_HOME/cfg
 COPY --chown=node:node --from=build $APP_HOME/lib $APP_HOME/lib
 
 EXPOSE 50051

src/utilts.ts

@@ -21,9 +21,9 @@ import { Logger } from 'winston';
 
 // Create a ids client instance
 let idsClientInstance: UserServiceClient;
+const cfg = createServiceConfig(process.cwd());
 const getUserServiceClient = async () => {
   if (!idsClientInstance) {
-    const cfg = createServiceConfig(process.cwd());
     // identity-srv client to resolve subject ID by token
     const grpcIDSConfig = cfg.get('client:user');
     const loggerCfg = cfg.get('logger');
@@ -124,7 +124,7 @@ export async function checkAccessRequest(ctx: GQLClientContext, resource: Resour
 
   let result: DecisionResponse | PolicySetRQResponse;
   try {
-    result = await accessRequest(subject, resource, action, ctx, operation);
+    result = await accessRequest(subject, resource, action, ctx, { operation, roleScopingEntityURN: cfg?.get('authorization:urns:organization') });
   } catch (err) {
     return {
       decision: Response_Decision.DENY,
@@ -148,11 +148,11 @@ export function _filterJobData(data: Data, encode: boolean, logger: Logger): Pic
     }
   }
 
-  if(picked?.meta?.created && typeof picked.meta.created === 'string') {
+  if (picked?.meta?.created && typeof picked.meta.created === 'string') {
     picked.meta.created = new Date(picked.meta.created);
   }
 
-  if(picked?.meta?.modified && typeof picked.meta.modified === 'string') {
+  if (picked?.meta?.modified && typeof picked.meta.modified === 'string') {
     picked.meta.modified = new Date(picked.meta.modified);
   }