fix: relation creation API (#49)
ishanarya0 authored May 17, 2024
1 parent 6c8fdc9 commit dc1b30b
Showing 3 changed files with 42 additions and 11 deletions.
17 changes: 8 additions & 9 deletions core/resource/service.go
Expand Up @@ -227,8 +227,8 @@ func (s Service) CheckAuthz(ctx context.Context, res Resource, act action.Action
isSystemNS := namespace.IsSystemNamespaceID(res.NamespaceID)
fetchedResource := res

if isSystemNS {
if !uuid.IsValid(res.Name) {
if !uuid.IsValid(res.Name) {
if isSystemNS {
switch res.NamespaceID {
case namespace.DefinitionProject.ID:
project, err := s.projectService.Get(ctx, res.Name)
Expand All @@ -249,15 +249,14 @@ func (s Service) CheckAuthz(ctx context.Context, res Resource, act action.Action
}
res.Name = group.ID
}
}
fetchedResource.Idxa = res.Name
} else {
fetchedResource, err = s.repository.GetByNamespace(ctx, res.Name, res.NamespaceID)
if err != nil {
return false, ErrNotExist
} else {
fetchedResource, err = s.repository.GetByNamespace(ctx, res.Name, res.NamespaceID)
if err != nil {
return false, ErrNotExist
}
}
}

fetchedResource.Idxa = res.Name
fetchedResourceNS := namespace.Namespace{ID: fetchedResource.NamespaceID}
return s.relationService.CheckPermission(ctx, currentUser, fetchedResourceNS, fetchedResource.Idxa, act)
}
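Review bot: The assignment `fetchedResource.Idxa = res.Name`, which now appears to run unconditionally after the `if !uuid.IsValid(res.Name)` block, would overwrite the ID loaded by `s.repository.GetByNamespace` in the non-system branch, where `res.Name` is still the caller's non-UUID name, so `CheckPermission` would be evaluated against a name rather than the stored resource ID. This reading is inferred from the rendered page, which has lost its `+`/`-` markers, so it should be confirmed against the file; if it holds, keeping the assignment out of that path (or adding `res.Name = fetchedResource.Idxa` after the lookup) would preserve the old behaviour. A UUID-shaped name in a non-system namespace also skips the repository lookup now, so `ErrNotExist` is no longer returned there and the decision rests entirely on `CheckPermission` denying unknown IDs; a test for that case would pin it. CheckAuthz starts outside the hunk.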
5 changes: 5 additions & 0 deletions internal/api/v1beta1/relation.go
Expand Up @@ -13,6 +13,7 @@ import (

"github.com/goto/shield/core/relation"
errpkg "github.com/goto/shield/pkg/errors"
"github.com/goto/shield/pkg/uuid"
shieldv1beta1 "github.com/goto/shield/proto/v1beta1"
grpczap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
"google.golang.org/grpc/codes"
Expand Down Expand Up @@ -60,6 +61,10 @@ func (h Handler) CreateRelation(ctx context.Context, request *shieldv1beta1.Crea
return nil, grpcBadBodyError
}

if !uuid.IsValid(request.GetBody().GetObjectId()) {
return nil, grpcBadBodyError
}

principal, subjectID := extractSubjectFromPrincipal(request.GetBody().GetSubject())

result, err := h.resourceService.CheckAuthz(ctx, resource.Resource{
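Review bot: The new `uuid.IsValid` guard in CreateRelation rejects every non-UUID object id before `CheckAuthz` is called, which appears to make the name-resolution paths that `CheckAuthz` still carries (see core/resource/service.go in this commit) unreachable from this handler, and nothing in the code says whether that is intended. A short comment above the guard would keep a later maintainer from relaxing it, for example `// object_id must be a resource UUID; names are not resolved on relation creation`. It is also worth confirming how `uuid.IsValid` treats the nil UUID and non-canonical forms, since the accepted string is passed on unchanged as the authorization target. CreateRelation starts and ends outside the hunk.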
31 changes: 29 additions & 2 deletions internal/api/v1beta1/relation_test.go
Expand Up @@ -26,14 +26,27 @@ var (
RoleID: "role1",
},
Object: relation.Object{
ID: "object-id",
ID: "5e70ba45-dc63-4152-9d72-27cbc34d9d13",
NamespaceID: "ns2",
},
}

testRelationV2Invalid = relation.RelationV2{
ID: "relation-id-1",
Subject: relation.Subject{
ID: "subject-id",
Namespace: "ns1",
RoleID: "role1",
},
Object: relation.Object{
ID: "non-uuid",
NamespaceID: "ns2",
},
}

testRelationPB = &shieldv1beta1.Relation{
Id: "relation-id-1",
ObjectId: "object-id",
ObjectId: "5e70ba45-dc63-4152-9d72-27cbc34d9d13",
ObjectNamespace: "ns2",
Subject: "ns1:subject-id",
RoleName: "role1",
Expand Down Expand Up @@ -111,6 +124,20 @@ func TestHandler_CreateRelation(t *testing.T) {
want: nil,
wantErr: grpcInternalServerError,
},
{
name: "should return bad body error if object id is not uuid",
setup: func(rs *mocks.RelationService, res *mocks.ResourceService) {},
request: &shieldv1beta1.CreateRelationRequest{
Body: &shieldv1beta1.RelationRequestBody{
ObjectId: testRelationV2Invalid.Object.ID,
ObjectNamespace: testRelationV2Invalid.Object.NamespaceID,
Subject: generateSubject(testRelationV2Invalid.Subject.ID, testRelationV2Invalid.Subject.Namespace),
RoleName: testRelationV2Invalid.Subject.RoleID,
},
},
want: nil,
wantErr: grpcBadBodyError,
},
{
name: "should return permision denied error if resource service's CheckAuthz function returns false",
setup: func(rs *mocks.RelationService, res *mocks.ResourceService) {
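Review bot: The new case "should return bad body error if object id is not uuid" covers a single obviously invalid value (`non-uuid`) and passes an empty `setup`, so it proves that `CheckAuthz` is not reached only if the mocks fail on unexpected calls, which is not visible here. Adding boundary inputs to the table, such as an empty object id and a valid UUID with trailing characters, would pin the validation that now guards the authorization call. A comment on the empty setup, e.g. `// no expectations: the handler must return before calling any service`, would make the intent explicit.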