Allow passing in access control impl to the server

pkg/server/config.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/rancher/steve/pkg/accesscontrol"
 	"github.com/rancher/steve/pkg/auth"
 	"github.com/rancher/steve/pkg/schema"
 	"github.com/rancher/steve/pkg/schemaserver/types"
@@ -30,6 +31,7 @@ type Server struct {
 
 	Namespace       string
 	BaseSchemas     *types.APISchemas
+	AccessSetLookup accesscontrol.AccessSetLookup
 	SchemaTemplates []schema.Template
 	AuthMiddleware  auth.Middleware
 	Next            http.Handler

pkg/server/server.go

@@ -61,7 +61,12 @@ func setup(ctx context.Context, server *Server) (http.Handler, *schema.Collectio
 	server.BaseSchemas = resources.DefaultSchemas(server.BaseSchemas, server.K8s.Discovery(), ccache)
 	server.SchemaTemplates = append(server.SchemaTemplates, resources.DefaultSchemaTemplates(cf)...)
 
-	sf := schema.NewCollection(server.BaseSchemas, accesscontrol.NewAccessStore(server.RBAC))
+	asl := server.AccessSetLookup
+	if asl == nil {
+		asl = accesscontrol.NewAccessStore(server.RBAC)
+	}
+
+	sf := schema.NewCollection(server.BaseSchemas, asl)
 	sync := schemacontroller.Register(ctx,
 		server.K8s.Discovery(),
 		server.CRD.CustomResourceDefinition(),