Skip to content

Commit

Permalink
fix: add ACS filters for read operation
Browse files Browse the repository at this point in the history
  • Loading branch information
@Arun-KumarH
Arun-KumarH committed Jul 8, 2022
1 parent 71dcc5d commit 1326cc2
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 2 deletions.
20 changes: 19 additions & 1 deletion src/service.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import { RedisClientType } from 'redis';
import { ServiceBase, FilterOperation } from '@restorecommerce/resource-base-interface';
import { ACSAuthZ, Subject, DecisionResponse, Operation, PolicySetRQResponse } from '@restorecommerce/acs-client';
import { Decision, AuthZAction } from '@restorecommerce/acs-client';
import { checkAccessRequest } from './utils';
import { checkAccessRequest, getACSFilters } from './utils';
import * as uuid from 'uuid';

export class ResourceService extends ServiceBase {
Expand Down Expand Up @@ -68,6 +68,24 @@ export class ResourceService extends ServiceBase {
if (acsResponse.decision != Decision.PERMIT) {
return { operation_status: acsResponse.operation_status };
}
const acsFilters = getACSFilters(acsResponse, this.resourceName);
if (acsResponse && acsResponse.filters && acsFilters) {
if (!readRequest.filters) {
readRequest.filters = [];
}
if (_.isArray(acsFilters)) {
for (let acsFilter of acsFilters) {
readRequest.filters.push(acsFilter);
}
} else {
readRequest.filters.push(acsFilters);
}
}

if (acsResponse?.custom_query_args && acsResponse.custom_query_args.length > 0) {
readRequest.custom_queries = acsResponse.custom_query_args[0].custom_queries;
readRequest.custom_arguments = acsResponse.custom_query_args[0].custom_arguments;
}
return await super.read({ request: readRequest });
}

Expand Down
21 changes: 20 additions & 1 deletion src/utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,4 +93,23 @@ export async function checkAccessRequest(ctx: GQLClientContext, resource: Resour
};
}
return result;
}
}

/**
* accessResponse returned from `acs-client` contains the filters for the list of
* resources requested and it returns resource filter map, below api
* returns applicable `Filters[]` for the specified resource, it iterates through
* the ACS response and returns the applicable `Filters[]` for the resource.
* @param accessResponse ACS response
* @param enitity enitity name
*/
export const getACSFilters = (accessResponse: PolicySetRQResponse, resource: string): Filters[] => {
let acsFilters = [];
const resourceFilterMap = accessResponse?.filters;
const resourceFilter = resourceFilterMap?.filter((e) => e?.resource === resource);
// for a given entity there should be one filter map
if (resourceFilter && resourceFilter.length === 1 && resourceFilter[0].filters && resourceFilter[0].filters[0]?.filter.length > 0) {
acsFilters = resourceFilter[0].filters;
}
return acsFilters;
};

0 comments on commit 1326cc2

Please sign in to comment.