add one more assumption to harness ACL client

internal/auth/authz/harness/authorizer.go

@@ -128,9 +128,13 @@ func checkAclResponse(permissionChecks []*types.PermissionCheck, responseDto acl
 	 * We are assuming two things:
 	 *  - All permission checks were made for the same principal.
 	 *  - Permissions inherit down the hierarchy (Account -> Organization -> Project -> Repository)
+	 *	- No two checks are for the same permission - is similar to ff implementation:
+	 *		https://github.com/wings-software/ff-server/blob/master/pkg/rbac/client.go#L88
 	 *
 	 * Based on that, if there's any permitted result for a permission check the permission is allowed.
 	 * Now we just have to ensure that all permissions are allowed
+	 *
+	 * TODO: Use resource name + scope for verifying results.
 	 */
 
 	for _, check := range permissionChecks {

internal/auth/authz/harness/types.go

@@ -26,10 +26,11 @@ type aclResponseData struct {
 }
 
 type aclControlElement struct {
-	Permission    string           `json:"permission"`
+	Permission         string           `json:"permission"`
-	ResourceScope aclResourceScope `json:"resourceScope,omitempty"`
+	ResourceScope      aclResourceScope `json:"resourceScope,omitempty"`
-	ResourceType  string           `json:"resourceType"`
+	ResourceType       string           `json:"resourceType"`
-	Permitted     bool             `json:"permitted"`
+	ResourceIdentifier string           `json:"resourceIdentifier"`
+	Permitted          bool             `json:"permitted"`
 }
 
 type aclResourceScope struct {