diff --git a/backend/mariadb_backend.ml b/backend/mariadb_backend.ml index b59b4df..dfa9f3d 100644 --- a/backend/mariadb_backend.ml +++ b/backend/mariadb_backend.ml @@ -688,10 +688,10 @@ struct let select_sql = {sql| - actor_permissions.actor_uuid, + guardianDecodeUuid(actor_permissions.actor_uuid), actor_permissions.permission, actor_permissions.target_model, - actor_permissions.target_uuid + guardianDecodeUuid(actor_permissions.target_uuid) |sql} ;; @@ -754,37 +754,21 @@ struct Database.exec ?ctx insert_request %> Lwt_result.ok ;; - let delete_model_request = - {sql| - UPDATE guardian_actor_permissions - SET mark_as_deleted = NOW() - WHERE actor_uuid = guardianEncodeUuid($1) - AND permission = $2 - AND target_model = $3 - AND target_uuid = NULL - |sql} - |> Entity.ActorPermission.t ->. Caqti_type.unit - ;; - - let delete_id_request = + let delete_request = {sql| UPDATE guardian_actor_permissions SET mark_as_deleted = NOW() WHERE actor_uuid = guardianEncodeUuid($1) AND permission = $2 - AND target_model = NULL - AND target_uuid = guardianEncodeUuid($4) + AND (($3 IS NULL AND target_model IS NULL) OR target_model = $3) + AND (($4 IS NULL AND target_uuid IS NULL) OR target_uuid = guardianEncodeUuid($4)) |sql} |> Entity.ActorPermission.t ->. Caqti_type.unit ;; let delete ?ctx permission = let () = clear_cache () in - Lwt_result.ok - @@ ((match permission.Entity.ActorPermission.target with - | Guard.TargetEntity.Id _ -> delete_id_request - | Guard.TargetEntity.Model _ -> delete_model_request) - |> CCFun.flip (Database.exec ?ctx) permission) + Database.exec ?ctx delete_request permission |> Lwt_result.ok ;; end diff --git a/test/main.ml b/test/main.ml index 9ca1219..d346209 100644 --- a/test/main.ml +++ b/test/main.ml 
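Review bot: `select_sql` carries no comment saying that the two UUID columns are stored encoded and that `target_uuid` can be NULL, which the `IS NULL` branch of `delete_request` further down this file implies for model-scoped permissions. Whether `guardianDecodeUuid` returns NULL for a NULL argument is not visible in this hunk; if it does not, model-scoped rows would fail to decode when listed. A comment above the binding such as `(* UUID columns are stored encoded; guardianDecodeUuid must pass NULL through for model-scoped rows *)` would record that assumption.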
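Review bot: In `delete`, `clear_cache ()` runs before `Database.exec` has completed, so a lookup scheduled while the UPDATE is in flight can repopulate the cache with the permission being revoked, and nothing clears it afterwards. What the cache holds is not visible in this hunk, but if it backs permission checks, the revoked grant stays effective until some later write clears the cache again. Clearing after the write closes that window: `Database.exec ?ctx delete_request permission |> Lwt.map (fun () -> clear_cache ()) |> Lwt_result.ok`. The statement also reports success when no row matches, so a revocation that hit nothing is indistinguishable from one that worked; a comment saying so, or a check of the affected row count if the driver exposes one, would help callers.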
@@ -580,6 +580,39 @@ module Tests (Backend : Guard.PersistenceSig) = struct |> Lwt.return ;; + let test_drop_actor_permission ?ctx (_ : 'a) () = + let open ActorPermission in + let open Backend.ActorPermission in + let actor_permission_id = + create_for_id (snd thomas) Delete chris_article_id + in + let actor_permission_model = + create_for_model (snd thomas) Delete `Article + in + let check ?(available = true) perm = + let msg = + Format.asprintf + "Validate if actor permission is %s" + (if available then "available" else "absent") + in + find_all ?ctx () + |> Lwt.map (CCList.exists (equal perm)) + |> Lwt.map (Alcotest.(check bool) msg available) + in + (let* () = insert ?ctx actor_permission_id in + let%lwt () = check actor_permission_id in + let* () = delete ?ctx actor_permission_id in + let%lwt () = check ~available:false actor_permission_id in + let* () = insert ?ctx actor_permission_model in + let%lwt () = check actor_permission_model in + let* () = delete ?ctx actor_permission_model in + let%lwt () = check ~available:false actor_permission_model in + Lwt.return_ok ()) + >|= Alcotest.(check (result unit string)) + "Read/Delete the actor permissions." + (Ok ()) + ;; + let hacker_cannot_update_article ?ctx (_ : 'a) () = let%lwt ben = Hacker.to_authorizable ?ctx ben |> Lwt.map CCResult.get_or_failwith @@ -769,6 +802,10 @@ let () = , [ test_case "permissions" `Quick (test_find_permissions_of_actor ?ctx) ; test_case "validate existance" `Quick (test_exists_fcn ?ctx) ; test_case "remove duplicates" `Quick (test_remove_duplicates ?ctx) + ; test_case + "Insert/Delete actor permission." + `Quick + (test_drop_actor_permission ?ctx) ] ) ; ( Format.asprintf "(%s) Validation for Role assignment" name , [ test_case "create" `Quick (test_role_assignment_create ?ctx)
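Review bot: The two permissions never exist at the same time in `test_drop_actor_permission`, so the test cannot tell a delete that removes only the requested row from one that also removes the other scope for the same actor and permission. Since `delete_request` now serves both the Id and the Model case through one WHERE clause, that isolation is the property most worth pinning for a revocation path. Moving `let* () = insert ?ctx actor_permission_model in` ahead of the first `delete` and adding `let%lwt () = check actor_permission_model in` right after that delete would cover it.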