add test and fix delete actor permission query
mabiede committed Feb 14, 2024
1 parent 1c07d92 commit 020e876
Showing 2 changed files with 43 additions and 22 deletions.
28 changes: 6 additions & 22 deletions backend/mariadb_backend.ml
Expand Up @@ -688,10 +688,10 @@ struct

let select_sql =
{sql|
actor_permissions.actor_uuid,
guardianDecodeUuid(actor_permissions.actor_uuid),
actor_permissions.permission,
actor_permissions.target_model,
actor_permissions.target_uuid
guardianDecodeUuid(actor_permissions.target_uuid)
|sql}
;;

Expand Down Expand Up @@ -754,37 +754,21 @@ struct
Database.exec ?ctx insert_request %> Lwt_result.ok
;;

let delete_model_request =
{sql|
UPDATE guardian_actor_permissions
SET mark_as_deleted = NOW()
WHERE actor_uuid = guardianEncodeUuid($1)
AND permission = $2
AND target_model = $3
AND target_uuid = NULL
|sql}
|> Entity.ActorPermission.t ->. Caqti_type.unit
;;

let delete_id_request =
let delete_request =
{sql|
UPDATE guardian_actor_permissions
SET mark_as_deleted = NOW()
WHERE actor_uuid = guardianEncodeUuid($1)
AND permission = $2
AND target_model = NULL
AND target_uuid = guardianEncodeUuid($4)
AND (($3 IS NULL AND target_model IS NULL) OR target_model = $3)
AND (($4 IS NULL AND target_uuid IS NULL) OR target_uuid = guardianEncodeUuid($4))
|sql}
|> Entity.ActorPermission.t ->. Caqti_type.unit
;;

let delete ?ctx permission =
let () = clear_cache () in
Lwt_result.ok
@@ ((match permission.Entity.ActorPermission.target with
| Guard.TargetEntity.Id _ -> delete_id_request
| Guard.TargetEntity.Model _ -> delete_model_request)
|> CCFun.flip (Database.exec ?ctx) permission)
Database.exec ?ctx delete_request permission |> Lwt_result.ok
;;
end

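Review bot: `delete` still returns `Ok ()` whether or not the UPDATE in `delete_request` matched a row, so a revocation that changes nothing looks the same as one that worked. That is how the old `target_model = NULL` / `target_uuid = NULL` predicates, which can never match, went unnoticed. Because this statement withdraws a grant, I would have it surface the affected-row count (if the `Database` wrapper exposes one; that is not visible here) and treat zero as an error or at least log it, and until then document the behaviour with `(* Soft-deletes the matching grant; also succeeds when no row matched. *)`. Separately, `clear_cache ()` runs before the write. If a concurrent read can refill the cache in between (not visible in this hunk), the revoked permission could be cached again, so clearing after the UPDATE is the safer order. The struct continues outside the hunk.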
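--- a/test/main.ml
+++ b/test/main.ml
@@ -580,6 +580,39 @@ module Tests (Backend : Guard.PersistenceSig) = struct
 |> Lwt.return
 ;;
 
+let test_drop_actor_permission ?ctx (_ : 'a) () =
+let open ActorPermission in
+let open Backend.ActorPermission in
+let actor_permission_id =
+create_for_id (snd thomas) Delete chris_article_id
+in
+let actor_permission_model =
+create_for_model (snd thomas) Delete `Article
+in
+let check ?(available = true) perm =
+let msg =
+Format.asprintf
+"Validate if actor permission is %s"
+(if available then "available" else "absent")
+in
+find_all ?ctx ()
+|> Lwt.map (CCList.exists (equal perm))
+|> Lwt.map (Alcotest.(check bool) msg available)
+in
+(let* () = insert ?ctx actor_permission_id in
+let%lwt () = check actor_permission_id in
+let* () = delete ?ctx actor_permission_id in
+let%lwt () = check ~available:false actor_permission_id in
+let* () = insert ?ctx actor_permission_model in
+let%lwt () = check actor_permission_model in
+let* () = delete ?ctx actor_permission_model in
+let%lwt () = check ~available:false actor_permission_model in
+Lwt.return_ok ())
+>|= Alcotest.(check (result unit string))
+"Read/Delete the actor permissions."
+(Ok ())
+;;
+
 let hacker_cannot_update_article ?ctx (_ : 'a) () =
 let%lwt ben =
 Hacker.to_authorizable ?ctx ben |> Lwt.map CCResult.get_or_failwith
@@ -769,6 +802,10 @@ let () =
 , [ test_case "permissions" `Quick (test_find_permissions_of_actor ?ctx)
 ; test_case "validate existance" `Quick (test_exists_fcn ?ctx)
 ; test_case "remove duplicates" `Quick (test_remove_duplicates ?ctx)
+; test_case
+"Insert/Delete actor permission."
+`Quick
+(test_drop_actor_permission ?ctx)
 ] )
 ; ( Format.asprintf "(%s) Validation for Role assignment" name
 , [ test_case "create" `Quick (test_role_assignment_create ?ctx)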
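Review bot: `test_drop_actor_permission` never has the id-scoped and the model-scoped grant stored at the same time, so it cannot catch a `delete` that removes more rows than the one requested. The model permission is inserted only after the id permission has been deleted. For an authorization store both directions matter, so the test should show that deleting one grant leaves the other intact. I would move `let* () = insert ?ctx actor_permission_model in` ahead of the first `delete` and add `let%lwt () = check actor_permission_model in` directly after `check ~available:false actor_permission_id`.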
