Filter query results by the specified subject type(s) when selecting …
…subjects (#283)
kkajla12 authored Jan 9, 2024
1 parent df258e0 commit 5d8dcc5
Showing 3 changed files with 210 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .golangci.yaml
@@ -63,7 +63,7 @@ linters:
linters-settings:
goheader:
template: |-
Copyright {{YEAR-RANGE}} Forerunner Labs, Inc.
Copyright 2023 Forerunner Labs, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
2 changes: 1 addition & 1 deletion pkg/authz/query/service.go
@@ -345,7 +345,7 @@ func (svc QueryService) matchRelation(ctx context.Context, selectSubjects bool,
}
}
}
} else if selectSubjects {
} else if selectSubjects && matches(matchFilters.SubjectType, matchedWarrant.Subject.ObjectType) {
resultSet.Add(matchedWarrant.Subject.ObjectType, matchedWarrant.Subject.ObjectId, matchedWarrant, level > 0)
} else if matches(matchFilters.SubjectType, matchedWarrant.Subject.ObjectType) && matches(matchFilters.SubjectId, matchedWarrant.Subject.ObjectId) {
resultSet.Add(matchedWarrant.ObjectType, matchedWarrant.ObjectId, matchedWarrant, level > 0)
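Review bot: A select-subjects query whose subject type does not match now falls through to the following `else if`, which is the select-objects branch, and is kept out of the result set only because that branch happens to repeat the same `matches(matchFilters.SubjectType, matchedWarrant.Subject.ObjectType)` test. Because these results answer authorization queries, the two modes are safer kept structurally separate: leave the arm as `} else if selectSubjects {` and put the type filter inside it, `if matches(matchFilters.SubjectType, matchedWarrant.Subject.ObjectType) { resultSet.Add(...) }`. A later edit to the object branch's condition then cannot cause object rows to be added to a subject query. matchRelation begins and ends outside this hunk, so the first arm of the chain is not visible here.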
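--- a/tests/v2/query.json
+++ b/tests/v2/query.json
@@ -1792,6 +1792,214 @@
 "expectedResponse": {
 "statusCode": 200
 }
+},
+{
+"name": "assignRoleDeveloperMemberOfPermissionViewDocs",
+"request": {
+"method": "POST",
+"url": "/v2/warrants",
+"body": {
+"objectType": "permission",
+"objectId": "view-docs",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "developer"
+}
+}
+},
+"expectedResponse": {
+"statusCode": 200,
+"body": {
+"objectType": "permission",
+"objectId": "view-docs",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "developer"
+}
+}
+}
+},
+{
+"name": "assignRoleManagerMemberOfRoleDeveloper",
+"request": {
+"method": "POST",
+"url": "/v2/warrants",
+"body": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "manager"
+}
+}
+},
+"expectedResponse": {
+"statusCode": 200,
+"body": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "manager"
+}
+}
+}
+},
+{
+"name": "assignUserRichardMemberOfRoleDeveloper",
+"request": {
+"method": "POST",
+"url": "/v2/warrants",
+"body": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "user",
+"objectId": "richard"
+}
+}
+},
+"expectedResponse": {
+"statusCode": 200,
+"body": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "user",
+"objectId": "richard"
+}
+}
+}
+},
+{
+"name": "selectMembersOfTypeUserForPermissionViewDocs",
+"request": {
+"method": "GET",
+"url": "/v2/query?q=select%20member%20of%20type%20user%20for%20permission:view-docs"
+},
+"expectedResponse": {
+"statusCode": 200,
+"body": {
+"results": [
+{
+"objectType": "user",
+"objectId": "richard",
+"warrant": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "user",
+"objectId": "richard"
+}
+},
+"isImplicit": true
+}
+]
+}
+}
+},
+{
+"name": "selectMembersOfAnyTypeForPermissionViewDocs",
+"request": {
+"method": "GET",
+"url": "/v2/query?q=select%20member%20of%20type%20%2A%20for%20permission:view-docs"
+},
+"expectedResponse": {
+"statusCode": 200,
+"body": {
+"results": [
+{
+"objectType": "role",
+"objectId": "developer",
+"warrant": {
+"objectType": "permission",
+"objectId": "view-docs",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "developer"
+}
+},
+"isImplicit": false
+},
+{
+"objectType": "role",
+"objectId": "manager",
+"warrant": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "role",
+"objectId": "manager"
+}
+},
+"isImplicit": true
+},
+{
+"objectType": "user",
+"objectId": "richard",
+"warrant": {
+"objectType": "role",
+"objectId": "developer",
+"relation": "member",
+"subject": {
+"objectType": "user",
+"objectId": "richard"
+}
+},
+"isImplicit": true
+}
+]
+}
+}
+},
+{
+"name": "deleteUserRichard",
+"request": {
+"method": "DELETE",
+"url": "/v2/objects/user/richard"
+},
+"expectedResponse": {
+"statusCode": 200
+}
+},
+{
+"name": "deleteRoleManager",
+"request": {
+"method": "DELETE",
+"url": "/v2/objects/role/manager"
+},
+"expectedResponse": {
+"statusCode": 200
+}
+},
+{
+"name": "deleteRoleDeveloper",
+"request": {
+"method": "DELETE",
+"url": "/v2/objects/role/developer"
+},
+"expectedResponse": {
+"statusCode": 200
+}
+},
+{
+"name": "deletePermissionViewDocs",
+"request": {
+"method": "DELETE",
+"url": "/v2/objects/permission/view-docs"
+},
+"expectedResponse": {
+"statusCode": 200
+}
 }
 ]
 }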
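Review bot: The two added queries, `selectMembersOfTypeUserForPermissionViewDocs` and `selectMembersOfAnyTypeForPermissionViewDocs`, cover a single subject type and the `*` wildcard, but none names more than one subject type, which the commit title's "type(s)" suggests is supported. If the query grammar allows a list of types, a case for it here would pin that path of the new filter. It would be an authorization regression test in which a type outside the list must not appear in `results`. A case filtering on a type with no members, expecting an empty `results` array, would also confirm that a non-matching select-subjects query adds nothing.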
