Skip to content

Commit

Permalink
when transforming a PermissionADM into a DefaultObjectAccessPermissio…
Browse files Browse the repository at this point in the history
…nPart check that token and name are consistent
  • Loading branch information
seakayone committed Nov 14, 2024
1 parent 3fd1ff6 commit b3afdfa
Show file tree
Hide file tree
Showing 6 changed files with 25 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -930,7 +930,7 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
)
assertFailsWithA[BadRequestException](
exit,
s"Given permission code $code and permission name $name are not consistent.",
s"Given permission code '$code' and permission name '$name' are not consistent.",
)
}

Expand All @@ -957,7 +957,7 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
)
assertFailsWithA[BadRequestException](
exit,
s"Invalid value for name parameter of hasPermissions: $name, it should be one of " +
s"Invalid permission token '$name', it should be one of " +
s"${Permission.ObjectAccess.allTokens.mkString(", ")}",
)
}
Expand Down Expand Up @@ -985,8 +985,7 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
)
assertFailsWithA[BadRequestException](
exit,
s"Invalid value for permissionCode parameter of hasPermissions: $code, it should be one of " +
s"${Permission.ObjectAccess.allCodes.mkString(", ")}",
s"Invalid permission code '$code', it should be one of " + s"${Permission.ObjectAccess.allCodes.mkString(", ")}",
)
}

Expand All @@ -1012,7 +1011,7 @@ class PermissionsResponderSpec extends CoreSpec with ImplicitSender {
)
assertFailsWithA[BadRequestException](
exit,
s"One of permission code or permission name must be provided for a default object access permission.",
s"Invalid permission token '', it should be one of RV, M, V, CR, D",
)
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -643,7 +643,7 @@ final case class PermissionsResponder(
)
if (permission.permissionCode.nonEmpty) {
val code = permission.permissionCode.get
if (Permission.ObjectAccess.from(code).isEmpty) {
if (Permission.ObjectAccess.from(code).isLeft) {
throw BadRequestException(
s"Invalid value for permissionCode parameter of hasPermissions: $code, it should be one of " +
s"${Permission.ObjectAccess.allCodes.mkString(", ")}",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,18 @@ object DefaultObjectAccessPermission {
object DefaultObjectAccessPermissionPart {
def from(adm: PermissionADM): Either[String, DefaultObjectAccessPermissionPart] =
for {
group <- adm.additionalInformation.toRight("No object access code present").flatMap(GroupIri.from)
perm = adm.permissionCode.flatMap(Permission.ObjectAccess.from).getOrElse(Permission.ObjectAccess.Delete)
group <- adm.additionalInformation.toRight("No object access group present").flatMap(GroupIri.from)
perm <- (adm.permissionCode, adm.name) match
case (None, name) => Permission.ObjectAccess.fromToken(name)
case (Some(code), name) if name.nonEmpty =>
for {
perm1 <- Permission.ObjectAccess.from(code)
perm2 <- Permission.ObjectAccess.fromToken(name)
p <- if perm1 == perm2 then Right(perm1)
else Left(s"Given permission code '$code' and permission name '$name' are not consistent.")
} yield p
case (Some(code), _) => Permission.ObjectAccess.from(code)

} yield DefaultObjectAccessPermissionPart(perm, NonEmptyChunk(group))
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,14 @@ object Permission {

val maxPermission: ObjectAccess = ChangeRights

def from(code: Int): Option[ObjectAccess] = all.find(_.code == code)

def fromToken(token: String): Option[ObjectAccess] = all.find(_.token == token)
def from(code: Int): Either[String, ObjectAccess] =
all
.find(_.code == code)
.toRight(s"Invalid permission code '$code', it should be one of ${allCodes.mkString(", ")}")

def fromToken(token: String): Either[String, ObjectAccess] = all
.find(_.token == token)
.toRight(s"Invalid permission token '$token', it should be one of ${allTokens.mkString(", ")}")

val all: Set[ObjectAccess] = Set(
ObjectAccess.ChangeRights,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@

package org.knora.webapi.slice.admin.domain.service
import zio.Chunk
import zio.IO
import zio.Task
import zio.ZLayer

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,6 @@ object DefaultObjectAccessPermissionRepoLive {
val part: Either[String, DefaultObjectAccessPermissionPart] =
Permission.ObjectAccess
.fromToken(token)
.toRight("No valid Object Access token")
.flatMap { permission =>
Chunk
.fromIterable(groups.split(','))
Expand Down

0 comments on commit b3afdfa

Please sign in to comment.