Skip to content

Commit

Permalink
Merge pull request #445 from fluree/feature/http-api-policy-opts
Browse files Browse the repository at this point in the history 
Enable policy opts via http-api
  • Loading branch information
@mpoffald
mpoffald authored Apr 6, 2023
2 parents d6d5a7b + f394d78 commit cfab023
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 8 deletions.
19 changes: 13 additions & 6 deletions src/fluree/db/json_ld/policy.cljc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,9 @@
{:rdf/type [:_id]}
{:f/allow [:* {:f/targetRole [:_id]}]}
{:f/property [:* {:f/allow [:* {:f/targetRole [:_id]}]}]}]}
:where [['?s :rdf/type :f/Policy]]}))))
:where [['?s :rdf/type :f/Policy]]
:opts {:context-type :keyword}}))))



(defn policies-for-roles*
Expand Down Expand Up @@ -334,7 +336,9 @@
async/merge
(async/reduce
(fn [acc result]
(into acc result)) [])
(if (instance? Throwable result)
(reduced result)
(into acc result))) [])
<?))))

;; TODO - exceptions in here won't be caught!
Expand All @@ -349,7 +353,9 @@
async/merge
(async/reduce
(fn [acc result]
(into acc result)) [])
(if (instance? Throwable result)
(reduced result)
(into acc result))) [])
<?)))


Expand Down Expand Up @@ -427,8 +433,9 @@
(map #(compile-policy db %))
async/merge
(async/reduce (fn [acc compiled-policy]
(into acc compiled-policy)) [])))

(if (instance? Throwable compiled-policy)
(reduced compiled-policy)
(into acc compiled-policy))) [])))

(defn policy-map
"perm-action is a set of the action(s) being filtered for."
Expand All @@ -441,7 +448,7 @@
role-sids (if (sequential? role)
(->> (<? (subids db role))
(into #{}))
#{(<? (dbproto/-subid db role))})
#{(<? (dbproto/-subid db role ))})
policies {:ident ident-sid
:roles role-sids
:cache (atom {})}
Expand Down
27 changes: 25 additions & 2 deletions test/fluree/db/policy/parsing_test.clj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,31 @@
:roles #{sid-userRole}}
policy-alice)
"Policies for only :ex/userRole should return")))


(testing "Root policy contains {:root? true} for each applicable :f/action"
(let [policy-root (-> @(fluree/promise-wrap (policy/policy-map db root-did :ex/rootRole nil))
replace-policy-fns)
sid-root-did @(fluree/internal-id db root-did)
sid-rootRole @(fluree/internal-id db :ex/rootRole)]
(is (= {:f/modify {:root? true}
:f/view {:root? true}
:ident sid-root-did
:roles #{sid-rootRole}}
policy-root))))))
(testing "Testing query policy with strings"
(let [conn (test-utils/create-conn)
ledger @(fluree/create conn "policy-parse/a" {:defaultContext ["" {"ex" "http://example.org/ns/"}]
:context-type :string})
root-did (:id (did/private->did-map "8ce4eca704d653dec594703c81a84c403c39f262e54ed014ed857438933a2e1c"))
db @(fluree/stage
(fluree/db ledger)
[{"id" root-did
"f:role" {"id" "ex:rootRole"}}
{"id" "ex:rootPolicy",
"type" ["f:Policy"],
"f:targetNode" {"id" "f:allNodes"}
"f:allow" [{"id" "ex:rootAccessAllow"
"f:targetRole" {"id" "ex:rootRole"}
"f:action" [{"id" "f:view"} {"id" "f:modify"}]}]}])]
(testing "Root policy contains {:root? true} for each applicable :f/action"
(let [policy-root (-> @(fluree/promise-wrap (policy/policy-map db root-did :ex/rootRole nil))
replace-policy-fns)
Expand Down

0 comments on commit cfab023

Please sign in to comment.