mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
feat: Update ModesExtractors to support new permission interface
This commit is contained in:
Joachim Van Herwegen
@@ -1,13 +1,31 @@
|
||||
import { MethodModesExtractor } from '../../../../src/authorization/permissions/MethodModesExtractor';
|
||||
import type { AccessMap } from '../../../../src/authorization/permissions/Permissions';
|
||||
import { AccessMode } from '../../../../src/authorization/permissions/Permissions';
|
||||
import type { Operation } from '../../../../src/http/Operation';
|
||||
import { BasicRepresentation } from '../../../../src/http/representation/BasicRepresentation';
|
||||
import type { ResourceIdentifier } from '../../../../src/http/representation/ResourceIdentifier';
|
||||
import type { ResourceSet } from '../../../../src/storage/ResourceSet';
|
||||
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
|
||||
import { IdentifierSetMultiMap } from '../../../../src/util/map/IdentifierMap';
|
||||
import { compareMaps } from '../../../util/Util';
|
||||
|
||||
describe('A MethodModesExtractor', (): void => {
|
||||
const target: ResourceIdentifier = { path: 'http://example.com/foo' };
|
||||
const operation: Operation = {
|
||||
method: 'GET',
|
||||
target,
|
||||
preferences: {},
|
||||
body: new BasicRepresentation(),
|
||||
};
|
||||
let resourceSet: jest.Mocked<ResourceSet>;
|
||||
let extractor: MethodModesExtractor;
|
||||
|
||||
function getMap(modes: AccessMode[], identifier?: ResourceIdentifier): AccessMap {
|
||||
return new IdentifierSetMultiMap(
|
||||
modes.map((mode): [ResourceIdentifier, AccessMode] => [ identifier ?? target, mode ]),
|
||||
);
|
||||
}
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
resourceSet = {
|
||||
hasResource: jest.fn().mockResolvedValue(true),
|
||||
@@ -16,44 +34,43 @@ describe('A MethodModesExtractor', (): void => {
|
||||
});
|
||||
|
||||
it('can handle HEAD/GET/POST/PUT/DELETE.', async(): Promise<void> => {
|
||||
await expect(extractor.canHandle({ method: 'HEAD' } as Operation)).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ method: 'GET' } as Operation)).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ method: 'POST' } as Operation)).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ method: 'PUT' } as Operation)).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ method: 'DELETE' } as Operation)).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ method: 'PATCH' } as Operation)).rejects.toThrow(NotImplementedHttpError);
|
||||
await expect(extractor.canHandle({ ...operation, method: 'HEAD' })).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ ...operation, method: 'GET' })).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ ...operation, method: 'POST' })).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ ...operation, method: 'PUT' })).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ ...operation, method: 'DELETE' })).resolves.toBeUndefined();
|
||||
await expect(extractor.canHandle({ ...operation, method: 'PATCH' })).rejects.toThrow(NotImplementedHttpError);
|
||||
});
|
||||
|
||||
it('requires read for HEAD operations.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'HEAD' } as Operation)).resolves.toEqual(new Set([ AccessMode.read ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'HEAD' }), getMap([ AccessMode.read ]));
|
||||
});
|
||||
|
||||
it('requires read for GET operations.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'GET' } as Operation)).resolves.toEqual(new Set([ AccessMode.read ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'GET' }), getMap([ AccessMode.read ]));
|
||||
});
|
||||
|
||||
it('requires append for POST operations.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'POST' } as Operation)).resolves.toEqual(new Set([ AccessMode.append ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'POST' }), getMap([ AccessMode.append ]));
|
||||
});
|
||||
|
||||
it('requires write for PUT operations.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'PUT' } as Operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.write ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'PUT' }), getMap([ AccessMode.write ]));
|
||||
});
|
||||
|
||||
it('requires create for PUT operations if the target does not exist.', async(): Promise<void> => {
|
||||
resourceSet.hasResource.mockResolvedValueOnce(false);
|
||||
await expect(extractor.handle({ method: 'PUT' } as Operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.write, AccessMode.create ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'PUT' }),
|
||||
getMap([ AccessMode.write, AccessMode.create ]));
|
||||
});
|
||||
|
||||
it('requires delete for DELETE operations.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'DELETE', target: { path: 'http://example.com/foo' }} as Operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.delete ]));
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'DELETE' }), getMap([ AccessMode.delete ]));
|
||||
});
|
||||
|
||||
it('also requires read for DELETE operations on containers.', async(): Promise<void> => {
|
||||
await expect(extractor.handle({ method: 'DELETE', target: { path: 'http://example.com/foo/' }} as Operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.delete, AccessMode.read ]));
|
||||
const identifier = { path: 'http://example.com/foo/' };
|
||||
compareMaps(await extractor.handle({ ...operation, method: 'DELETE', target: identifier }),
|
||||
getMap([ AccessMode.delete, AccessMode.read ], identifier));
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,22 +1,33 @@
|
||||
import { DataFactory } from 'n3';
|
||||
import type { Quad } from 'rdf-js';
|
||||
import { N3PatchModesExtractor } from '../../../../src/authorization/permissions/N3PatchModesExtractor';
|
||||
import type { AccessMap } from '../../../../src/authorization/permissions/Permissions';
|
||||
import { AccessMode } from '../../../../src/authorization/permissions/Permissions';
|
||||
import type { Operation } from '../../../../src/http/Operation';
|
||||
import { BasicRepresentation } from '../../../../src/http/representation/BasicRepresentation';
|
||||
import type { N3Patch } from '../../../../src/http/representation/N3Patch';
|
||||
import type { ResourceIdentifier } from '../../../../src/http/representation/ResourceIdentifier';
|
||||
import type { ResourceSet } from '../../../../src/storage/ResourceSet';
|
||||
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
|
||||
import { IdentifierSetMultiMap } from '../../../../src/util/map/IdentifierMap';
|
||||
import { compareMaps } from '../../../util/Util';
|
||||
|
||||
const { quad, namedNode } = DataFactory;
|
||||
|
||||
describe('An N3PatchModesExtractor', (): void => {
|
||||
const target: ResourceIdentifier = { path: 'http://example.com/foo' };
|
||||
const triple: Quad = quad(namedNode('a'), namedNode('b'), namedNode('c'));
|
||||
let patch: N3Patch;
|
||||
let operation: Operation;
|
||||
let resourceSet: jest.Mocked<ResourceSet>;
|
||||
let extractor: N3PatchModesExtractor;
|
||||
|
||||
function getMap(modes: AccessMode[], identifier?: ResourceIdentifier): AccessMap {
|
||||
return new IdentifierSetMultiMap(
|
||||
modes.map((mode): [ResourceIdentifier, AccessMode] => [ identifier ?? target, mode ]),
|
||||
);
|
||||
}
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
patch = new BasicRepresentation() as N3Patch;
|
||||
patch.deletes = [];
|
||||
@@ -27,7 +38,7 @@ describe('An N3PatchModesExtractor', (): void => {
|
||||
method: 'PATCH',
|
||||
body: patch,
|
||||
preferences: {},
|
||||
target: { path: 'http://example.com/foo' },
|
||||
target,
|
||||
};
|
||||
|
||||
resourceSet = {
|
||||
@@ -47,30 +58,29 @@ describe('An N3PatchModesExtractor', (): void => {
|
||||
|
||||
it('requires read access when there are conditions.', async(): Promise<void> => {
|
||||
patch.conditions = [ triple ];
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.read ]));
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.read ]));
|
||||
});
|
||||
|
||||
it('requires append access when there are inserts.', async(): Promise<void> => {
|
||||
patch.inserts = [ triple ];
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append ]));
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append ]));
|
||||
});
|
||||
|
||||
it('requires create access when there are inserts and the resource does not exist.', async(): Promise<void> => {
|
||||
resourceSet.hasResource.mockResolvedValueOnce(false);
|
||||
patch.inserts = [ triple ];
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append, AccessMode.create ]));
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append, AccessMode.create ]));
|
||||
});
|
||||
|
||||
it('requires read and write access when there are inserts.', async(): Promise<void> => {
|
||||
patch.deletes = [ triple ];
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.read, AccessMode.write ]));
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.read, AccessMode.write ]));
|
||||
});
|
||||
|
||||
it('combines required access modes when required.', async(): Promise<void> => {
|
||||
patch.conditions = [ triple ];
|
||||
patch.inserts = [ triple ];
|
||||
patch.deletes = [ triple ];
|
||||
await expect(extractor.handle(operation)).resolves
|
||||
.toEqual(new Set([ AccessMode.read, AccessMode.append, AccessMode.write ]));
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.read, AccessMode.append, AccessMode.write ]));
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,17 +1,40 @@
|
||||
import { Factory } from 'sparqlalgebrajs';
|
||||
import type { AccessMap } from '../../../../src/authorization/permissions/Permissions';
|
||||
import { AccessMode } from '../../../../src/authorization/permissions/Permissions';
|
||||
import { SparqlUpdateModesExtractor } from '../../../../src/authorization/permissions/SparqlUpdateModesExtractor';
|
||||
import type { Operation } from '../../../../src/http/Operation';
|
||||
import { BasicRepresentation } from '../../../../src/http/representation/BasicRepresentation';
|
||||
import type { ResourceIdentifier } from '../../../../src/http/representation/ResourceIdentifier';
|
||||
import type { SparqlUpdatePatch } from '../../../../src/http/representation/SparqlUpdatePatch';
|
||||
import type { ResourceSet } from '../../../../src/storage/ResourceSet';
|
||||
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
|
||||
import { IdentifierSetMultiMap } from '../../../../src/util/map/IdentifierMap';
|
||||
import { compareMaps } from '../../../util/Util';
|
||||
|
||||
describe('A SparqlUpdateModesExtractor', (): void => {
|
||||
const target: ResourceIdentifier = { path: 'http://example.com/foo' };
|
||||
let patch: SparqlUpdatePatch;
|
||||
let operation: Operation;
|
||||
let resourceSet: jest.Mocked<ResourceSet>;
|
||||
let extractor: SparqlUpdateModesExtractor;
|
||||
const factory = new Factory();
|
||||
|
||||
function getMap(modes: AccessMode[], identifier?: ResourceIdentifier): AccessMap {
|
||||
return new IdentifierSetMultiMap(
|
||||
modes.map((mode): [ResourceIdentifier, AccessMode] => [ identifier ?? target, mode ]),
|
||||
);
|
||||
}
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
patch = new BasicRepresentation() as SparqlUpdatePatch;
|
||||
|
||||
operation = {
|
||||
method: 'PATCH',
|
||||
body: patch,
|
||||
preferences: {},
|
||||
target,
|
||||
};
|
||||
|
||||
resourceSet = {
|
||||
hasResource: jest.fn().mockResolvedValue(true),
|
||||
};
|
||||
@@ -19,7 +42,7 @@ describe('A SparqlUpdateModesExtractor', (): void => {
|
||||
});
|
||||
|
||||
it('can only handle (composite) SPARQL DELETE/INSERT operations.', async(): Promise<void> => {
|
||||
const operation = { method: 'PATCH', body: { algebra: factory.createDeleteInsert() }} as unknown as Operation;
|
||||
patch.algebra = factory.createDeleteInsert();
|
||||
await expect(extractor.canHandle(operation)).resolves.toBeUndefined();
|
||||
(operation.body as SparqlUpdatePatch).algebra = factory.createCompositeUpdate([ factory.createDeleteInsert() ]);
|
||||
await expect(extractor.canHandle(operation)).resolves.toBeUndefined();
|
||||
@@ -28,75 +51,59 @@ describe('A SparqlUpdateModesExtractor', (): void => {
|
||||
await expect(result).rejects.toThrow(NotImplementedHttpError);
|
||||
await expect(result).rejects.toThrow('Cannot determine permissions of non-SPARQL patches.');
|
||||
|
||||
result = extractor.canHandle({ ...operation,
|
||||
body: { algebra: factory.createMove('DEFAULT', 'DEFAULT') } as unknown as SparqlUpdatePatch });
|
||||
patch.algebra = factory.createMove('DEFAULT', 'DEFAULT');
|
||||
result = extractor.canHandle(operation);
|
||||
await expect(result).rejects.toThrow(NotImplementedHttpError);
|
||||
await expect(result).rejects.toThrow('Can only determine permissions of a PATCH with DELETE/INSERT operations.');
|
||||
});
|
||||
|
||||
it('requires nothing for NOP operations.', async(): Promise<void> => {
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createNop() },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set());
|
||||
patch.algebra = factory.createNop();
|
||||
compareMaps(await extractor.handle(operation), getMap([]));
|
||||
});
|
||||
|
||||
it('requires append for INSERT operations.', async(): Promise<void> => {
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]) },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append ]));
|
||||
patch.algebra = factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]);
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append ]));
|
||||
});
|
||||
|
||||
it('requires create for INSERT operations if the resource does not exist.', async(): Promise<void> => {
|
||||
resourceSet.hasResource.mockResolvedValueOnce(false);
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]) },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append, AccessMode.create ]));
|
||||
patch.algebra = factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]);
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append, AccessMode.create ]));
|
||||
});
|
||||
|
||||
it('requires read and write for DELETE operations.', async(): Promise<void> => {
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createDeleteInsert([
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]) },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.read, AccessMode.write ]));
|
||||
patch.algebra = factory.createDeleteInsert([
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]);
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.read, AccessMode.write ]));
|
||||
});
|
||||
|
||||
it('requires read and append for composite operations with an insert and conditions.', async(): Promise<void> => {
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createCompositeUpdate([ factory.createDeleteInsert(undefined, [
|
||||
patch.algebra = factory.createCompositeUpdate([
|
||||
factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
], factory.createBgp([
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
])) ]) },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append, AccessMode.read ]));
|
||||
])),
|
||||
]);
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append, AccessMode.read ]));
|
||||
});
|
||||
|
||||
it('requires read, write and append for composite operations with a delete and insert.', async(): Promise<void> => {
|
||||
const operation = {
|
||||
method: 'PATCH',
|
||||
body: { algebra: factory.createCompositeUpdate([ factory.createDeleteInsert(undefined, [
|
||||
patch.algebra = factory.createCompositeUpdate([
|
||||
factory.createDeleteInsert(undefined, [
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]),
|
||||
factory.createDeleteInsert([
|
||||
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
|
||||
]) ]) },
|
||||
} as unknown as Operation;
|
||||
await expect(extractor.handle(operation))
|
||||
.resolves.toEqual(new Set([ AccessMode.append, AccessMode.read, AccessMode.write ]));
|
||||
]),
|
||||
]);
|
||||
compareMaps(await extractor.handle(operation), getMap([ AccessMode.append, AccessMode.read, AccessMode.write ]));
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user