feat: Introduce ModesExtractor for intermediate containers

This commit is contained in:
Joachim Van Herwegen
2022-06-29 10:57:33 +02:00
parent 7085252b3f
commit 18391ec414
3 changed files with 147 additions and 0 deletions

View File

@@ -0,0 +1,55 @@
import type { Operation } from '../../http/Operation';
import type { ResourceSet } from '../../storage/ResourceSet';
import type { IdentifierStrategy } from '../../util/identifiers/IdentifierStrategy';
import { ModesExtractor } from './ModesExtractor';
import type { AccessMap } from './Permissions';
import { AccessMode } from './Permissions';
/**
* Returns the required access modes from the source {@link ModesExtractor}.
* In case create permissions are required,
* verifies if any of the containers permissions also need to be created
* and adds the corresponding identifier/mode combinations.
*/
export class IntermediateCreateExtractor extends ModesExtractor {
private readonly resourceSet: ResourceSet;
private readonly strategy: IdentifierStrategy;
private readonly source: ModesExtractor;
/**
* Certain permissions depend on the existence of the target resource.
* The provided {@link ResourceSet} will be used for that.
* @param resourceSet - {@link ResourceSet} that can verify the target resource existence.
* @param strategy - {@link IdentifierStrategy} that will be used to determine parent containers.
* @param source - The source {@link ModesExtractor}.
*/
public constructor(resourceSet: ResourceSet, strategy: IdentifierStrategy, source: ModesExtractor) {
super();
this.resourceSet = resourceSet;
this.strategy = strategy;
this.source = source;
}
public async canHandle(input: Operation): Promise<void> {
return this.source.canHandle(input);
}
public async handle(input: Operation): Promise<AccessMap> {
const requestedModes = await this.source.handle(input);
for (const key of requestedModes.distinctKeys()) {
if (requestedModes.hasEntry(key, AccessMode.create)) {
// Add the `create` mode if the parent does not exist yet
const parent = this.strategy.getParentContainer(key);
if (!await this.resourceSet.hasResource(parent)) {
// It is not completely clear at this point which permissions need to be available
// on intermediate containers to create them,
// so we stick with `create` for now.
requestedModes.add(parent, AccessMode.create);
}
}
}
return requestedModes;
}
}

View File

@@ -16,6 +16,7 @@ export * from './authorization/access/AgentGroupAccessChecker';
// Authorization/Permissions
export * from './authorization/permissions/AclPermission';
export * from './authorization/permissions/IntermediateCreateExtractor';
export * from './authorization/permissions/ModesExtractor';
export * from './authorization/permissions/MethodModesExtractor';
export * from './authorization/permissions/N3PatchModesExtractor';

View File

@@ -0,0 +1,91 @@
import { IntermediateCreateExtractor } from '../../../../src/authorization/permissions/IntermediateCreateExtractor';
import type { ModesExtractor } from '../../../../src/authorization/permissions/ModesExtractor';
import type { AccessMap } from '../../../../src/authorization/permissions/Permissions';
import { AccessMode } from '../../../../src/authorization/permissions/Permissions';
import type { Operation } from '../../../../src/http/Operation';
import { BasicRepresentation } from '../../../../src/http/representation/BasicRepresentation';
import type { ResourceSet } from '../../../../src/storage/ResourceSet';
import { SingleRootIdentifierStrategy } from '../../../../src/util/identifiers/SingleRootIdentifierStrategy';
import { IdentifierSetMultiMap } from '../../../../src/util/map/IdentifierMap';
import { joinUrl } from '../../../../src/util/PathUtil';
import { compareMaps } from '../../../util/Util';
describe('An IntermediateCreateExtractor', (): void => {
const baseUrl = 'http://example.com/';
let operation: Operation;
const strategy = new SingleRootIdentifierStrategy(baseUrl);
let resourceSet: jest.Mocked<ResourceSet>;
let source: jest.Mocked<ModesExtractor>;
let sourceMap: AccessMap;
let extractor: IntermediateCreateExtractor;
beforeEach(async(): Promise<void> => {
operation = {
target: { path: joinUrl(baseUrl, 'foo') },
preferences: {},
method: 'PUT',
body: new BasicRepresentation(),
};
resourceSet = {
hasResource: jest.fn().mockResolvedValue(true),
};
sourceMap = new IdentifierSetMultiMap();
source = {
canHandle: jest.fn(),
handle: jest.fn().mockResolvedValue(sourceMap),
} as any;
extractor = new IntermediateCreateExtractor(resourceSet, strategy, source);
});
it('can handle everything its source can handle.', async(): Promise<void> => {
await expect(extractor.canHandle(operation)).resolves.toBeUndefined();
expect(source.canHandle).toHaveBeenCalledTimes(1);
expect(source.canHandle).toHaveBeenLastCalledWith(operation);
jest.resetAllMocks();
source.canHandle.mockRejectedValueOnce(new Error('bad input'));
await expect(extractor.canHandle(operation)).rejects.toThrow('bad input');
expect(source.canHandle).toHaveBeenCalledTimes(1);
expect(source.canHandle).toHaveBeenLastCalledWith(operation);
});
it('returns the source output if no create permissions are needed.', async(): Promise<void> => {
const identifier = { path: joinUrl(baseUrl, 'foo') };
sourceMap.set(identifier, new Set([ AccessMode.read ]));
const resultMap = new IdentifierSetMultiMap([[ identifier, AccessMode.read ]]);
compareMaps(await extractor.handle(operation), resultMap);
expect(resourceSet.hasResource).toHaveBeenCalledTimes(0);
});
it('requests create permissions for all parent containers that do not exist.', async(): Promise<void> => {
const idA = { path: joinUrl(baseUrl, 'a/') };
const idAB = { path: joinUrl(baseUrl, 'a/b/') };
const idABC = { path: joinUrl(baseUrl, 'a/b/c/') };
const idD = { path: joinUrl(baseUrl, 'd/') };
const idDE = { path: joinUrl(baseUrl, 'd/e/') };
sourceMap.set(idABC, new Set([ AccessMode.create, AccessMode.write ]));
sourceMap.set(idDE, new Set([ AccessMode.create, AccessMode.append ]));
sourceMap.set(idD, new Set([ AccessMode.read ]));
resourceSet.hasResource.mockImplementation(async(id): Promise<boolean> => id.path === baseUrl);
const resultMap = new IdentifierSetMultiMap([
[ idA, AccessMode.create ],
[ idAB, AccessMode.create ],
[ idABC, AccessMode.create ],
[ idABC, AccessMode.write ],
[ idD, AccessMode.create ],
[ idD, AccessMode.read ],
[ idDE, AccessMode.create ],
[ idDE, AccessMode.append ],
]);
compareMaps(await extractor.handle(operation), resultMap);
});
});