Skip to content
Snippets Groups Projects
Commit 0e1bec99 authored by Pavel Antonov's avatar Pavel Antonov :asterisk:
Browse files

fix(core): Исправлена ошибка, при которой запрещенные правилами поля во... 

fix(core): Исправлена ошибка, при которой запрещенные правилами поля во вложенных объектах все равно были доступны пользователю

Close #PRXS-1673
parents 998f3e84 435618cb
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
pkg/permission/permission.go
+ 2
8
View file @ 0e1bec99
......@@ -53,12 +53,6 @@ func (p Permission) RemoveFields(in map[string]interface{}) map[string]interface
if in == nil {
return nil
}
out := make(map[string]interface{})
for k, v := range in {
if data.Contains(k, p.UnallowedFields) {
continue
}
out[k] = v
}
return out
data.DeleteMany(p.UnallowedFields, in)
return in
}
pkg/permission/permission_test.go 0 → 100644
+ 60
0
View file @ 0e1bec99
package permission
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestPermission_RemoveFields(t *testing.T) {
tests := []struct {
name string
unallowedFields []string
in map[string]interface{}
want map[string]interface{}
}{
{
name: "nil",
in: nil,
want: nil,
},
{
name: "empty",
in: map[string]interface{}{},
want: map[string]interface{}{},
},
{
name: "empty unallowedFields",
in: map[string]interface{}{"f": "v"},
want: map[string]interface{}{"f": "v"},
unallowedFields: nil,
},
{
name: "remove fields",
in: map[string]interface{}{"f": "v", "f1": "v"},
want: map[string]interface{}{"f": "v"},
unallowedFields: []string{"f1"},
},
{
name: "all present fields allowed",
in: map[string]interface{}{"f": "v", "f1": "v"},
want: map[string]interface{}{"f": "v", "f1": "v"},
unallowedFields: []string{"f2"},
},
{
name: "unallowed fields in nested object",
in: map[string]interface{}{"obj": map[string]interface{}{"f": "v", "f1": "v"}},
want: map[string]interface{}{"obj": map[string]interface{}{"f": "v"}},
unallowedFields: []string{"obj.f1"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := Permission{
UnallowedFields: tt.unallowedFields,
}
assert.Equal(t, tt.want, p.RemoveFields(tt.in))
})
}
}
pkg/permission/ruleset.go
+ 2
0
View file @ 0e1bec99
......@@ -133,6 +133,8 @@ func (r Rule) GetPermission(action Action) *Permission {
p.UnallowedFields = append(p.UnallowedFields, r.ReadonlyFields...)
}
p.UnallowedFields = data.SetFromSlice(p.UnallowedFields)
return p
}
}
......
pkg/permission/ruleset_test.go
+ 41
0
View file @ 0e1bec99
......@@ -49,3 +49,44 @@ func TestMerge(t *testing.T) {
})
}
}
func TestRule_GetPermission(t *testing.T) {
tests := []struct {
name string
action Action
rule Rule
unallowedFields []string
want *Permission
}{
{
name: "ActionRead",
action: ActionRead,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f3"}},
unallowedFields: []string{"f2", "f3"},
},
{
name: "ActionRead readonly&writeonly",
action: ActionRead,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}},
unallowedFields: []string{"f1", "f2"},
},
{
name: "ActionUpdate",
action: ActionUpdate,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f3"}},
unallowedFields: []string{"f1"},
},
{
name: "ActionUpdate readonly&writeonly",
action: ActionUpdate,
rule: Rule{Actions: []Action{ActionRead, ActionUpdate}, ReadonlyFields: []string{"f1"}, HiddenFields: []string{"f2"}, WriteonlyFields: []string{"f1"}},
unallowedFields: []string{"f1"},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := tt.rule.GetPermission(tt.action)
assert.ElementsMatch(t, tt.unallowedFields, p.UnallowedFields)
})
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment