From 1c27d84951edbccb83e2e37fa2f901453788b734 Mon Sep 17 00:00:00 2001 From: akumar Date: Sun, 21 Apr 2024 11:48:50 +0200 Subject: [PATCH] fix: extend acs-client to validate multiple matching entities and instances for a given subject --- filter_ownership.aql | 11 +-- filter_role_association.aql | 5 +- package-lock.json | 146 ++++++++++++++++++------------------ package.json | 14 ++-- src/service.ts | 8 +- test/cfg/config.json | 2 +- test/service.spec.ts | 29 ++++++- 7 files changed, 121 insertions(+), 94 deletions(-) diff --git a/filter_ownership.aql b/filter_ownership.aql index ab7d7644..cb48ebb8 100644 --- a/filter_ownership.aql +++ b/filter_ownership.aql @@ -2,10 +2,11 @@ let meta = node.meta let owner = meta.owners let found = ( for o in owner - filter o.id == "urn:restorecommerce:acs:names:ownerIndicatoryEntity" && o.value == @entity - let nestedAttributes = o.attributes - for ownerInst in nestedAttributes - filter ownerInst.id == "urn:restorecommerce:acs:names:ownerInstance" && ownerInst.value in @instance - return true + for arg in @customArguments + filter o.id == "urn:restorecommerce:acs:names:ownerIndicatoryEntity" && o.value == arg.entity + let nestedAttributes = o.attributes + for ownerInst in nestedAttributes + filter ownerInst.id == "urn:restorecommerce:acs:names:ownerInstance" && ownerInst.value in arg.instance + return true ) filter true in found diff --git a/filter_role_association.aql b/filter_role_association.aql index 4896e917..b59cd3a2 100644 --- a/filter_role_association.aql +++ b/filter_role_association.aql 
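Review bot: The new `@customArguments` bind parameter in filter_ownership.aql is undocumented, although the filter's result now depends on its shape: each element needs an `entity` and an `instance` array, and an owner matches only when both come from the same element. A header comment would record that, for example `// @customArguments: [{ entity: <urn>, instance: [<id>, ...] }]; an empty list matches no owner`. The same applies to `scopingEntity`/`scopingInstances` in the filter_role_association.aql hunk that follows. Callers that still bind `@entity`/`@instance` no longer satisfy this query, so the acs-client bump in this commit has to ship together with the file. Unlike filter_role_association.aql, this subquery has no `limit 1`, so `found` grows with owners × arguments; adding `limit 1` before `return true` would keep the two filters consistent.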
@@ -5,10 +5,11 @@ let foundAssoc = ( let attributes = roleAssoc.attributes let inAttributes = ( for a in attributes - filter a.id == "urn:restorecommerce:acs:names:roleScopingEntity" && a.value == @scopingEntity + for arg in @customArguments + filter a.id == "urn:restorecommerce:acs:names:roleScopingEntity" && a.value == arg.scopingEntity let nestedAttributes = a.attributes for scopInst in nestedAttributes - filter scopInst.id == "urn:restorecommerce:acs:names:roleScopingInstance" && scopInst.value in @scopingInstances + filter scopInst.id == "urn:restorecommerce:acs:names:roleScopingInstance" && scopInst.value in arg.scopingInstances limit 1 return true ) diff --git a/package-lock.json b/package-lock.json index 39634d8f..23305be6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,13 +9,13 @@ "version": "1.5.0", "license": "MIT", "dependencies": { - "@restorecommerce/acs-client": "^1.5.1", - "@restorecommerce/chassis-srv": "^1.5.0", + "@restorecommerce/acs-client": "^1.6.0", + "@restorecommerce/chassis-srv": "^1.6.0", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/logger": "^1.2.10", "@restorecommerce/rc-grpc-clients": "^5.1.23", - "@restorecommerce/resource-base-interface": "^1.5.0", + "@restorecommerce/resource-base-interface": "^1.6.0", "@restorecommerce/scs-jobs": "^0.1.23", "@restorecommerce/service-config": "^1.0.12", "@zxcvbn-ts/core": "^3.0.4", @@ -24,7 +24,7 @@ "@zxcvbn-ts/language-en": "^3.0.2", "@zxcvbn-ts/matcher-pwned": "^3.0.4", "bcryptjs": "^2.4.3", - "bullmq": "^5.7.1", + "bullmq": "^5.7.3", "cross-env": "^7.0.3", "jose": "^5.2.4", "lodash-es": "^4.17.21", 
@@ -38,10 +38,10 @@ }, "devDependencies": { "@alenon/grpc-mock-server": "^3.1.10", - "@commitlint/cli": "^19.2.1", - "@commitlint/config-conventional": "^19.1.0", + "@commitlint/cli": "^19.2.2", + "@commitlint/config-conventional": "^19.2.2", "@restorecommerce/dev": "^0.0.9", - "@restorecommerce/protos": "^6.8.1", + "@restorecommerce/protos": "^6.8.2", "@semantic-release-plus/docker": "^3.1.3", "@types/bcryptjs": "^2.4.6", "@types/lodash": "^4.17.0", @@ -293,13 +293,13 @@ } }, "node_modules/@commitlint/cli": { - "version": "19.2.1", - "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.2.1.tgz", - "integrity": "sha512-cbkYUJsLqRomccNxvoJTyv5yn0bSy05BBizVyIcLACkRbVUqYorC351Diw/XFSWC/GtpwiwT2eOvQgFZa374bg==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.2.2.tgz", + "integrity": "sha512-P8cbOHfg2PQRzfICLSrzUVOCVMqjEZ8Hlth6mtJ4yOEjT47Q5PbIGymgX3rLVylNw+3IAT2Djn9IJ2wHbXFzBg==", "dev": true, "dependencies": { "@commitlint/format": "^19.0.3", - "@commitlint/lint": "^19.1.0", + "@commitlint/lint": "^19.2.2", "@commitlint/load": "^19.2.0", "@commitlint/read": "^19.2.1", "@commitlint/types": "^19.0.3", @@ -489,9 +489,9 @@ } }, "node_modules/@commitlint/config-conventional": { - "version": "19.1.0", - "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.1.0.tgz", - "integrity": "sha512-KIKD2xrp6Uuk+dcZVj3++MlzIr/Su6zLE8crEDQCZNvWHNQSeeGbzOlNtsR32TUy6H3JbP7nWgduAHCaiGQ6EA==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.2.2.tgz", + "integrity": "sha512-mLXjsxUVLYEGgzbxbxicGPggDuyWNkf25Ht23owXIH+zV2pv1eJuzLK3t1gDY5Gp6pxdE60jZnWUY5cvgL3ufw==", "dev": true, "dependencies": { "@commitlint/types": "^19.0.3", 
@@ -588,9 +588,9 @@ } }, "node_modules/@commitlint/is-ignored": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.0.3.tgz", - "integrity": "sha512-MqDrxJaRSVSzCbPsV6iOKG/Lt52Y+PVwFVexqImmYYFhe51iVJjK2hRhOG2jUAGiUHk4jpdFr0cZPzcBkSzXDQ==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.2.2.tgz", + "integrity": "sha512-eNX54oXMVxncORywF4ZPFtJoBm3Tvp111tg1xf4zWXGfhBPKpfKG6R+G3G4v5CPlRROXpAOpQ3HMhA9n1Tck1g==", "dev": true, "dependencies": { "@commitlint/types": "^19.0.3", @@ -616,12 +616,12 @@ } }, "node_modules/@commitlint/lint": { - "version": "19.1.0", - "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.1.0.tgz", - "integrity": "sha512-ESjaBmL/9cxm+eePyEr6SFlBUIYlYpI80n+Ltm7IA3MAcrmiP05UMhJdAD66sO8jvo8O4xdGn/1Mt2G5VzfZKw==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.2.2.tgz", + "integrity": "sha512-xrzMmz4JqwGyKQKTpFzlN0dx0TAiT7Ran1fqEBgEmEj+PU98crOFtysJgY+QdeSagx6EDRigQIXJVnfrI0ratA==", "dev": true, "dependencies": { - "@commitlint/is-ignored": "^19.0.3", + "@commitlint/is-ignored": "^19.2.2", "@commitlint/parse": "^19.0.3", "@commitlint/rules": "^19.0.3", "@commitlint/types": "^19.0.3" @@ -2543,9 +2543,9 @@ } }, "node_modules/@restorecommerce/acs-client": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/@restorecommerce/acs-client/-/acs-client-1.5.1.tgz", - "integrity": "sha512-qQcyHHr/uVPjWUDls02bTRgTekNgXqzHzApIC8SqdCVemFmQjnkUsCMiTe9Bz8x9s1t0nNdMouva2yVTBs3j1g==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/acs-client/-/acs-client-1.6.0.tgz", + "integrity": "sha512-Y7mr8E3+qij6YxP7Nkw6dndMlQtsY76GhTmi+nInVTEpP6o/VKwqCFe7fY8wbP3S+rmnzjmvZBvbnSWGPOvUyw==", "dependencies": { "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", 
@@ -2560,18 +2560,18 @@ } }, "node_modules/@restorecommerce/chassis-srv": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@restorecommerce/chassis-srv/-/chassis-srv-1.5.0.tgz", - "integrity": "sha512-oODzFgwya6Fuwmbijojk6QO+3jUzRKHaMF6w1t3v8pyAbiUAEuBdWHcAjszIkG7YHi82LXcBYA2DSdPH2KFjvw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/chassis-srv/-/chassis-srv-1.6.0.tgz", + "integrity": "sha512-CMltw92n0H1XgD+lGkZ0hKDQOM8Png9IxyEB179rRrok2C4fkXK80420ect/X7EISVDUdWqThijzqRzuhMflgQ==", "dependencies": { "@grpc/grpc-js": "^1.10.6", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/logger": "^1.2.10", - "@restorecommerce/protos": "^6.8.1", + "@restorecommerce/protos": "^6.8.2", "@restorecommerce/rc-grpc-clients": "^5.1.23", "@restorecommerce/service-config": "^1.0.12", - "arangojs": "^8.7.0", + "arangojs": "8.7.0", "async": "^3.2.5", "async-retry": "^1.3.3", "cache-manager": "4.1.0", @@ -2882,9 +2882,9 @@ } }, "node_modules/@restorecommerce/protos": { - "version": "6.8.1", - "resolved": "https://registry.npmjs.org/@restorecommerce/protos/-/protos-6.8.1.tgz", - "integrity": "sha512-xkyC2IicFVLOmZzKtrDsuVw9M1Qq/1MN5V0IoiTbTlW17jlr8GgY3wlslDhRNR4grp6RThOZLBMWg+SxKdGoBw==" + "version": "6.8.2", + "resolved": "https://registry.npmjs.org/@restorecommerce/protos/-/protos-6.8.2.tgz", + "integrity": "sha512-id/ojKw2yRH++fmUabhpBc1jc/RUO2WIfMcvX88AX8u5GSzKElqjsXGKnl9GMs/duiBnATEYrWkeMztZk+5GmQ==" }, "node_modules/@restorecommerce/rc-grpc-clients": { "version": "5.1.23", 
@@ -2906,20 +2906,21 @@ } }, "node_modules/@restorecommerce/resource-base-interface": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@restorecommerce/resource-base-interface/-/resource-base-interface-1.5.0.tgz", - "integrity": "sha512-MMpcRNhNKz6cYEp8x0jPv6dK2reOKQka2Um/2za/o6c4OIHuG/1OwVija2uCzuDYtJT7Xzfgb4CQyYT6BomTmw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/resource-base-interface/-/resource-base-interface-1.6.0.tgz", + "integrity": "sha512-4A/H2VAogyJiUCXfzENtbJs2qNc/nX/Tw9yj+BZ0yAFV961ZD5p/WXWyc7+h9sr86bU0PLfKc5wEBEy0fXVTxQ==", "dependencies": { - "@restorecommerce/chassis-srv": "^1.5.0", + "@restorecommerce/chassis-srv": "^1.6.0", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/rc-grpc-clients": "^5.1.23", "@restorecommerce/service-config": "^1.0.12", "lodash": "^4.17.21", + "nice-grpc": "^2.1.8", "redis": "^4.6.13" }, "engines": { - "node": ">= 18.8.0" + "node": ">= 20.0.0" } }, "node_modules/@restorecommerce/scs-jobs": { @@ -4881,9 +4882,9 @@ } }, "node_modules/bullmq": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.7.1.tgz", - "integrity": "sha512-t7FhF2mCGgmjZ1rHuBYIcLwzONm4QFGrO1+9mF7hpjWtXalGfy+nGciVcb69L7aPcdJMR2XTe6bNMWHGbKy8mQ==", + "version": "5.7.3", + "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.7.3.tgz", + "integrity": "sha512-h5iPs5ERkzbbQIzXgc6BFSV48oaGyp02I0MLp8jzPpqsZ2FCvSRgZv9elqu7H7Rhnm8Mm/QSs6v9sOBlrfo0CQ==", "dependencies": { "cron-parser": "^4.6.0", "ioredis": "^5.3.2", 
@@ -20927,13 +20928,13 @@ "peer": true }, "@commitlint/cli": { - "version": "19.2.1", - "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.2.1.tgz", - "integrity": "sha512-cbkYUJsLqRomccNxvoJTyv5yn0bSy05BBizVyIcLACkRbVUqYorC351Diw/XFSWC/GtpwiwT2eOvQgFZa374bg==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/cli/-/cli-19.2.2.tgz", + "integrity": "sha512-P8cbOHfg2PQRzfICLSrzUVOCVMqjEZ8Hlth6mtJ4yOEjT47Q5PbIGymgX3rLVylNw+3IAT2Djn9IJ2wHbXFzBg==", "dev": true, "requires": { "@commitlint/format": "^19.0.3", - "@commitlint/lint": "^19.1.0", + "@commitlint/lint": "^19.2.2", "@commitlint/load": "^19.2.0", "@commitlint/read": "^19.2.1", "@commitlint/types": "^19.0.3", @@ -21053,9 +21054,9 @@ } }, "@commitlint/config-conventional": { - "version": "19.1.0", - "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.1.0.tgz", - "integrity": "sha512-KIKD2xrp6Uuk+dcZVj3++MlzIr/Su6zLE8crEDQCZNvWHNQSeeGbzOlNtsR32TUy6H3JbP7nWgduAHCaiGQ6EA==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/config-conventional/-/config-conventional-19.2.2.tgz", + "integrity": "sha512-mLXjsxUVLYEGgzbxbxicGPggDuyWNkf25Ht23owXIH+zV2pv1eJuzLK3t1gDY5Gp6pxdE60jZnWUY5cvgL3ufw==", "dev": true, "requires": { "@commitlint/types": "^19.0.3", @@ -21131,9 +21132,9 @@ } }, "@commitlint/is-ignored": { - "version": "19.0.3", - "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.0.3.tgz", - "integrity": "sha512-MqDrxJaRSVSzCbPsV6iOKG/Lt52Y+PVwFVexqImmYYFhe51iVJjK2hRhOG2jUAGiUHk4jpdFr0cZPzcBkSzXDQ==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/is-ignored/-/is-ignored-19.2.2.tgz", + "integrity": "sha512-eNX54oXMVxncORywF4ZPFtJoBm3Tvp111tg1xf4zWXGfhBPKpfKG6R+G3G4v5CPlRROXpAOpQ3HMhA9n1Tck1g==", "dev": true, "requires": { "@commitlint/types": "^19.0.3", 
@@ -21152,12 +21153,12 @@ } }, "@commitlint/lint": { - "version": "19.1.0", - "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.1.0.tgz", - "integrity": "sha512-ESjaBmL/9cxm+eePyEr6SFlBUIYlYpI80n+Ltm7IA3MAcrmiP05UMhJdAD66sO8jvo8O4xdGn/1Mt2G5VzfZKw==", + "version": "19.2.2", + "resolved": "https://registry.npmjs.org/@commitlint/lint/-/lint-19.2.2.tgz", + "integrity": "sha512-xrzMmz4JqwGyKQKTpFzlN0dx0TAiT7Ran1fqEBgEmEj+PU98crOFtysJgY+QdeSagx6EDRigQIXJVnfrI0ratA==", "dev": true, "requires": { - "@commitlint/is-ignored": "^19.0.3", + "@commitlint/is-ignored": "^19.2.2", "@commitlint/parse": "^19.0.3", "@commitlint/rules": "^19.0.3", "@commitlint/types": "^19.0.3" @@ -22444,9 +22445,9 @@ "requires": {} }, "@restorecommerce/acs-client": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/@restorecommerce/acs-client/-/acs-client-1.5.1.tgz", - "integrity": "sha512-qQcyHHr/uVPjWUDls02bTRgTekNgXqzHzApIC8SqdCVemFmQjnkUsCMiTe9Bz8x9s1t0nNdMouva2yVTBs3j1g==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/acs-client/-/acs-client-1.6.0.tgz", + "integrity": "sha512-Y7mr8E3+qij6YxP7Nkw6dndMlQtsY76GhTmi+nInVTEpP6o/VKwqCFe7fY8wbP3S+rmnzjmvZBvbnSWGPOvUyw==", "requires": { "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", 
@@ -22461,18 +22462,18 @@ } }, "@restorecommerce/chassis-srv": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@restorecommerce/chassis-srv/-/chassis-srv-1.5.0.tgz", - "integrity": "sha512-oODzFgwya6Fuwmbijojk6QO+3jUzRKHaMF6w1t3v8pyAbiUAEuBdWHcAjszIkG7YHi82LXcBYA2DSdPH2KFjvw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/chassis-srv/-/chassis-srv-1.6.0.tgz", + "integrity": "sha512-CMltw92n0H1XgD+lGkZ0hKDQOM8Png9IxyEB179rRrok2C4fkXK80420ect/X7EISVDUdWqThijzqRzuhMflgQ==", "requires": { "@grpc/grpc-js": "^1.10.6", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/logger": "^1.2.10", - "@restorecommerce/protos": "^6.8.1", + "@restorecommerce/protos": "^6.8.2", "@restorecommerce/rc-grpc-clients": "^5.1.23", "@restorecommerce/service-config": "^1.0.12", - "arangojs": "^8.7.0", + "arangojs": "8.7.0", "async": "^3.2.5", "async-retry": "^1.3.3", "cache-manager": "4.1.0", @@ -22670,9 +22671,9 @@ } }, "@restorecommerce/protos": { - "version": "6.8.1", - "resolved": "https://registry.npmjs.org/@restorecommerce/protos/-/protos-6.8.1.tgz", - "integrity": "sha512-xkyC2IicFVLOmZzKtrDsuVw9M1Qq/1MN5V0IoiTbTlW17jlr8GgY3wlslDhRNR4grp6RThOZLBMWg+SxKdGoBw==" + "version": "6.8.2", + "resolved": "https://registry.npmjs.org/@restorecommerce/protos/-/protos-6.8.2.tgz", + "integrity": "sha512-id/ojKw2yRH++fmUabhpBc1jc/RUO2WIfMcvX88AX8u5GSzKElqjsXGKnl9GMs/duiBnATEYrWkeMztZk+5GmQ==" }, "@restorecommerce/rc-grpc-clients": { "version": "5.1.23", 
@@ -22691,16 +22692,17 @@ } }, "@restorecommerce/resource-base-interface": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@restorecommerce/resource-base-interface/-/resource-base-interface-1.5.0.tgz", - "integrity": "sha512-MMpcRNhNKz6cYEp8x0jPv6dK2reOKQka2Um/2za/o6c4OIHuG/1OwVija2uCzuDYtJT7Xzfgb4CQyYT6BomTmw==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/@restorecommerce/resource-base-interface/-/resource-base-interface-1.6.0.tgz", + "integrity": "sha512-4A/H2VAogyJiUCXfzENtbJs2qNc/nX/Tw9yj+BZ0yAFV961ZD5p/WXWyc7+h9sr86bU0PLfKc5wEBEy0fXVTxQ==", "requires": { - "@restorecommerce/chassis-srv": "^1.5.0", + "@restorecommerce/chassis-srv": "^1.6.0", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/rc-grpc-clients": "^5.1.23", "@restorecommerce/service-config": "^1.0.12", "lodash": "^4.17.21", + "nice-grpc": "^2.1.8", "redis": "^4.6.13" } }, @@ -24158,9 +24160,9 @@ "dev": true }, "bullmq": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.7.1.tgz", - "integrity": "sha512-t7FhF2mCGgmjZ1rHuBYIcLwzONm4QFGrO1+9mF7hpjWtXalGfy+nGciVcb69L7aPcdJMR2XTe6bNMWHGbKy8mQ==", + "version": "5.7.3", + "resolved": "https://registry.npmjs.org/bullmq/-/bullmq-5.7.3.tgz", + "integrity": "sha512-h5iPs5ERkzbbQIzXgc6BFSV48oaGyp02I0MLp8jzPpqsZ2FCvSRgZv9elqu7H7Rhnm8Mm/QSs6v9sOBlrfo0CQ==", "requires": { "cron-parser": "^4.6.0", "ioredis": "^5.3.2", diff --git a/package.json b/package.json index 0f048e76..00706b0a 100644 --- a/package.json +++ b/package.json 
@@ -17,13 +17,13 @@ "srv" ], "dependencies": { - "@restorecommerce/acs-client": "^1.5.1", - "@restorecommerce/chassis-srv": "^1.5.0", + "@restorecommerce/acs-client": "^1.6.0", + "@restorecommerce/chassis-srv": "^1.6.0", "@restorecommerce/grpc-client": "^2.2.1", "@restorecommerce/kafka-client": "^1.2.1", "@restorecommerce/logger": "^1.2.10", "@restorecommerce/rc-grpc-clients": "^5.1.23", - "@restorecommerce/resource-base-interface": "^1.5.0", + "@restorecommerce/resource-base-interface": "^1.6.0", "@restorecommerce/scs-jobs": "^0.1.23", "@restorecommerce/service-config": "^1.0.12", "@zxcvbn-ts/core": "^3.0.4", @@ -32,7 +32,7 @@ "@zxcvbn-ts/language-en": "^3.0.2", "@zxcvbn-ts/matcher-pwned": "^3.0.4", "bcryptjs": "^2.4.3", - "bullmq": "^5.7.1", + "bullmq": "^5.7.3", "cross-env": "^7.0.3", "jose": "^5.2.4", "lodash-es": "^4.17.21", @@ -46,10 +46,10 @@ }, "devDependencies": { "@alenon/grpc-mock-server": "^3.1.10", - "@commitlint/cli": "^19.2.1", - "@commitlint/config-conventional": "^19.1.0", + "@commitlint/cli": "^19.2.2", + "@commitlint/config-conventional": "^19.2.2", "@restorecommerce/dev": "^0.0.9", - "@restorecommerce/protos": "^6.8.1", + "@restorecommerce/protos": "^6.8.2", "@semantic-release-plus/docker": "^3.1.3", "@types/bcryptjs": "^2.4.6", "@types/lodash": "^4.17.0", diff --git a/src/service.ts b/src/service.ts index 036a24d7..35783736 100644 --- a/src/service.ts +++ b/src/service.ts @@ -2699,8 +2699,10 @@ export class UserService extends ServiceBase impleme custom_arguments: { value: Buffer.from(JSON.stringify({ userRole: roleID, - scopingEntity: this.cfg.get('urns:organization'), - scopingInstances: [org] + customArguments: [{ + scopingEntity: this.cfg.get('urns:organization'), + scopingInstances: [org] + }] })) } }), {}); 
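Review bot: In the src/service.ts hunk, `scopingEntity` and `scopingInstances` are serialized into `custom_arguments` with no visible check that `this.cfg.get('urns:organization')` and `org` are defined. `JSON.stringify` drops an undefined property and turns an undefined array element into `null`, so filter_role_association.aql would then compare against `null` instead of failing; whether that can match anything depends on the stored role associations. An explicit guard before the call, such as `if (!org || !this.cfg.get('urns:organization'))` followed by a deny result, would make the authorization decision fail closed by construction. The enclosing method starts and ends outside this hunk, so such a check may already exist above.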
@@ -2813,7 +2815,7 @@ export class UserService extends ServiceBase impleme : []; for (let resource of resources) { - resource.meta ??= {}; + resource.meta ??= { }; if (action === AuthZAction.MODIFY || action === AuthZAction.DELETE) { const filters = [{ filters: [{ diff --git a/test/cfg/config.json b/test/cfg/config.json index 082755b8..23e97916 100644 --- a/test/cfg/config.json +++ b/test/cfg/config.json @@ -31,7 +31,7 @@ "logger": { "console": { "handleExceptions": false, - "level": "crit", + "level": "silly", "colorize": true, "prettyPrint": true }, diff --git a/test/service.spec.ts b/test/service.spec.ts index 250936b2..6da4824c 100644 --- a/test/service.spec.ts +++ b/test/service.spec.ts @@ -132,6 +132,26 @@ const permitRoleRule: Rule = { effect: Effect.PERMIT }; +const permitUserRoleRule: Rule = { + id: 'permit_user_role_id', + target: { + actions: [], + resources: [{ id: 'urn:restorecommerce:acs:names:model:entity', value: 'urn:restorecommerce:acs:model:role.Role', attributes: [] }], + subjects: [ + { + id: 'urn:restorecommerce:acs:names:role', + value: 'user-r-id', + attributes: [] + }, + { + id: 'urn:restorecommerce:acs:names:roleScopingEntity', + value: 'urn:restorecommerce:acs:model:organization.Organization', + attributes: [] + }] + }, + effect: Effect.PERMIT +}; + let userRolePolicySetRQ = { policy_sets: [{ @@ -361,6 +381,7 @@ describe('testing identity-srv', () => { registerResult.status.message.should.equal('success'); userRolePolicySetRQ.policy_sets[0].policies[0].rules[0] = permitUserRule; userRolePolicySetRQ.policy_sets[0].policies[1].rules[0] = permitRoleRule; + userRolePolicySetRQ.policy_sets[0].policies[1].rules[1] = permitUserRoleRule; // start mock acs-srv - needed for read operation since acs-client makes a req to acs-srv // to get applicable policies although acs-lookup is disabled await startGrpcMockServer([{ method: 'WhatIsAllowed', output: userRolePolicySetRQ }, 
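Review bot: The console log level in test/cfg/config.json changes from `crit` to `silly`, which looks like a debugging leftover unrelated to the commit subject. At that level the test run prints everything the service logs, and for an identity service this may put tokens, password material or subject data into CI logs; the logger's redaction settings are not visible here, so this is a risk to confirm rather than a certainty. Consider restoring `"level": "crit"` and raising verbosity only through a local override when debugging.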
@@ -1733,13 +1754,13 @@ describe('testing identity-srv', () => { testUser.role_associations[0].role = 'super-admin-r-id'; const result = await userService.create({ items: [testUser], subject }); result.items[0].status.code.should.equal(403); - result.items[0].status.message.should.equal('The target role super-admin-r-id cannot be assigned to user test.user as user role admin-r-id,admin-r-id does not have permissions'); + result.items[0].status.message.should.equal('The target role super-admin-r-id cannot be assigned to user test.user as user role admin-r-id,admin-r-id,user-r-id does not have permissions'); result.items[0].status.id.should.equal('testuser'); result.operation_status.code.should.equal(200); result.operation_status.message.should.equal('success'); }); - it('should throw an error when hierarchical do not match creator role', async () => { + it('should throw an error when hierarchical scope do not match creator role', async () => { testUser.role_associations[0].role = 'user-r-id'; // auth_context not containing valid creator role (admin-r-id) subjectResolved.hierarchical_scopes = [ @@ -1760,8 +1781,8 @@ describe('testing identity-srv', () => { let hrScopeskey = `cache:${subject.id}:${subject.token}:hrScopes`; await redisClient.set(hrScopeskey, JSON.stringify(subjectResolved.hierarchical_scopes)); const result = await userService.create({ items: [testUser], subject }); - result.items[0].status.code.should.equal(401); - result.items[0].status.message.should.equal('No Hierarchical Scopes could be found'); + result.items[0].status.code.should.equal(403); + result.items[0].status.message.should.equal('The target role user-r-id cannot be assigned to user test.user as user role does not have permissions'); result.items[0].status.id.should.equal('testuser'); result.operation_status.code.should.equal(200); result.operation_status.message.should.equal('success');
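Review bot: None of the updated expectations in test/service.spec.ts covers the case named in the commit subject, a subject with more than one scoping entity/instance pair; the visible changes add `permitUserRoleRule` and adjust messages for the single-organization path. A test with two entries, where the target role scope combines the entity of one with the instance of the other, would pin that the new per-element matching does not cross-match. The second test also changes the expected status from 401 to 403 and expects a message that names no role (`as user role does not have permissions`), while the first now lists `admin-r-id` twice; if those strings are shown to clients, deduplicating the role list and handling the empty case in the message builder would be cleaner than pinning them here. The `describe` body continues outside these hunks.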