
Commit 1c81fd0

restore some naming for clarity
1 parent 4112003 commit 1c81fd0


7 files changed

+203
-206
lines changed


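--- a/common/src/main/kotlin/com/cosmotech/common/rbac/CsmRbac.kt
+++ b/common/src/main/kotlin/com/cosmotech/common/rbac/CsmRbac.kt
@@ -38,12 +38,12 @@ open class CsmRbac(
 
 // Make sure we have at least one admin
 if (!objectSecurity.accessControlList.any { it.role == ROLE_ADMIN }) {
-val currentEntityId = getCurrentAccountIdentifier(csmPlatformProperties)
-val currentEntityACL = objectSecurity.accessControlList.find { it.id == currentEntityId }
-if (currentEntityACL != null) {
-currentEntityACL.role = ROLE_ADMIN
+val currentUserId = getCurrentAccountIdentifier(csmPlatformProperties)
+val currentUserACL = objectSecurity.accessControlList.find { it.id == currentUserId }
+if (currentUserACL != null) {
+currentUserACL.role = ROLE_ADMIN
 } else {
-objectSecurity.accessControlList.add(RbacAccessControl(currentEntityId, ROLE_ADMIN))
+objectSecurity.accessControlList.add(RbacAccessControl(currentUserId, ROLE_ADMIN))
 }
 }
 
@@ -57,7 +57,7 @@ open class CsmRbac(
 ) {
 if (!this.check(rbacSecurity, permission, rolesDefinition))
 throw CsmAccessForbiddenException(
-"RBAC ${rbacSecurity.id} - Entity does not have permission $permission")
+"RBAC ${rbacSecurity.id} - User does not have permission $permission")
 }
 
 fun check(
@@ -206,15 +206,14 @@ open class CsmRbac(
 return isAdmin
 }
 
-internal fun verifyEntity(
+internal fun verifyUser(
 rbacSecurity: RbacSecurity,
 permission: String,
 rolesDefinition: RolesDefinition,
 user: String,
 groups: List<String>
 ): Boolean {
-logger.debug(
-"RBAC ${rbacSecurity.id} - Verifying $user or one of $groups has permission in ACL: $permission")
+logger.debug("RBAC ${rbacSecurity.id} - Verifying $user has permission in ACL: $permission")
 val isAuthorized =
 if (rbacSecurity.accessControlList.any() { it.id == user }) {
 verifyPermissionFromRole(permission, getEntityRole(rbacSecurity, user), rolesDefinition)
@@ -225,8 +224,7 @@ open class CsmRbac(
 verifyPermissionFromRole(
 permission, getEntityRole(rbacSecurity, rbacSecurity.default), rolesDefinition)
 }
-logger.debug(
-"RBAC ${rbacSecurity.id} - $user or one of $groups has permission $permission in ACL: $isAuthorized")
+logger.debug("RBAC ${rbacSecurity.id} - $user has permission $permission in ACL: $isAuthorized")
 return isAuthorized
 }
 
@@ -251,7 +249,7 @@ open class CsmRbac(
 groups: List<String>
 ): Boolean {
 return (this.verifyDefault(rbacSecurity, permission, rolesDefinition) ||
-this.verifyEntity(rbacSecurity, permission, rolesDefinition, user, groups))
+this.verifyUser(rbacSecurity, permission, rolesDefinition, user, groups))
 }
 
 internal fun verifyPermissionFromRole(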
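Review bot: The rewritten debug messages at new lines 216 and 227 drop `$groups` while verifyUser still takes `groups: List<String>` and verify (the last hunk) still forwards it, so either the parameter is now dead or the trace no longer records every input the authorization decision may have used. The lines between these two hunks (new 220-223) are not on this page, so whether group membership is still consulted cannot be confirmed here; if it is, keep the groups in the log, e.g. `logger.debug("RBAC ${rbacSecurity.id} - Verifying $user (groups: $groups) has permission in ACL: $permission")`, and if it is not, remove `groups` from verifyUser and verify rather than leaving an ignored parameter. Every verifyUser call in CsmRbacTests.kt passes `emptyList()` for groups, so neither outcome is covered by the unit tests. verifyUser also has no KDoc; a short contract comment stating that it matches `accessControlList` entries on `id == user` and otherwise appears to evaluate the role of `rbacSecurity.default` (per the branch visible in the fourth hunk) would make the semantics explicit. verifyUser's body and the admin-fallback block in the first hunk both extend beyond the hunk boundaries.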

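--- a/common/src/test/kotlin/com/cosmotech/common/rbac/CsmRbacTests.kt
+++ b/common/src/test/kotlin/com/cosmotech/common/rbac/CsmRbacTests.kt
@@ -274,19 +274,18 @@ class CsmRbacTests {
 
 @Test
 fun `verify permission read for user writer OK`() {
-assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_READER, emptyList()))
+assertTrue(rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_READER, emptyList()))
 }
 
 @Test
 fun `verify permission write for user writer KO`() {
 assertFalse(
-rbac.verifyEntity(rbacSecurity, PERM_WRITE, rolesDefinition, USER_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_WRITE, rolesDefinition, USER_READER, emptyList()))
 }
 
 @Test
 fun `verify permission read for user none KO`() {
-assertFalse(rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NONE, emptyList()))
+assertFalse(rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NONE, emptyList()))
 }
 
 @Test
@@ -303,14 +302,14 @@ class CsmRbacTests {
 fun `add new reader user and verify read permission OK`() {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
 fun `add new reader user and verify write permission KO`() {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 assertFalse(
-rbac.verifyEntity(rbacSecurity, PERM_WRITE, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_WRITE, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
@@ -340,7 +339,7 @@ class CsmRbacTests {
 rbac.addEntityRole(
 parentRbacSecurity, rbacSecurity, USER_IN_PARENT, USER_READER_ROLE, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_IN_PARENT, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_IN_PARENT, emptyList()))
 }
 
 @Test
@@ -350,7 +349,7 @@ class CsmRbacTests {
 val rbacSecurity =
 rbac.addEntityRole(
 parentRbacSecurity, rbacSecurity, USER_NOTIN, USER_READER_ROLE, rolesDefinition)
-assertTrue(rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NOTIN, emptyList()))
+assertTrue(rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NOTIN, emptyList()))
 }
 
 @Test
@@ -360,7 +359,7 @@ class CsmRbacTests {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 rbac.removeEntity(rbacSecurity, USER_NEW_READER, rolesDefinition)
 assertFalse(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
@@ -370,7 +369,7 @@ class CsmRbacTests {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 rbac.removeEntity(rbacSecurity, USER_NEW_READER, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
@@ -380,21 +379,21 @@ class CsmRbacTests {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 rbac.removeEntity(rbacSecurity, USER_NEW_READER, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_ADMIN, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_ADMIN, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
 fun `update existing new user and verify write permission OK`() {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_WRITER_ROLE, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_WRITE, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_WRITE, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test
 fun `update existing new user and verify read permission OK`() {
 rbac.setEntityRole(rbacSecurity, USER_NEW_READER, USER_READER_ROLE, rolesDefinition)
 assertTrue(
-rbac.verifyEntity(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
+rbac.verifyUser(rbacSecurity, PERM_READ, rolesDefinition, USER_NEW_READER, emptyList()))
 }
 
 @Test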

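--- a/dataset/src/integrationTest/kotlin/com/cosmotech/dataset/service/DatasetServiceRBACTest.kt
+++ b/dataset/src/integrationTest/kotlin/com/cosmotech/dataset/service/DatasetServiceRBACTest.kt
@@ -183,7 +183,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, datasetCreated.id)
 }
 assertEquals(
-"RBAC ${datasetCreated.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${datasetCreated.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -231,7 +231,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 DatasetAccessControl("NewUser", role))
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -275,7 +275,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, listOf(), null, null)
 }
 assertEquals(
-"RBAC ${workspaceSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${workspaceSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -320,7 +320,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, datasetSaved.id)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_DELETE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_DELETE",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -368,7 +368,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 CONNECTED_DEFAULT_USER)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -427,7 +427,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, dataset, mockMultipartFiles)
 }
 assertEquals(
-"RBAC ${workspaceSaved.id} - Entity does not have permission $PERMISSION_CREATE_CHILDREN",
+"RBAC ${workspaceSaved.id} - User does not have permission $PERMISSION_CREATE_CHILDREN",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -476,7 +476,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 CONNECTED_DEFAULT_USER)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -524,7 +524,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, datasetSaved.id)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -568,7 +568,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, null, null)
 }
 assertEquals(
-"RBAC ${workspaceSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${workspaceSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -634,7 +634,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 arrayOf())
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -688,7 +688,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 null)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -742,7 +742,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 DatasetRole(role))
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -794,7 +794,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 DatasetRole(role))
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE_SECURITY",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE_SECURITY",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -858,7 +858,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 makeDatasetPartCreateRequest())
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -925,7 +925,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 datasetSaved.parts[0].id)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -991,7 +991,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 datasetSaved.parts[0].id)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -1057,7 +1057,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 datasetSaved.parts[0].id)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -1120,7 +1120,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 organizationSaved.id, workspaceSaved.id, datasetSaved.id, null, null)
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_READ",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_READ",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -1185,7 +1185,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 makeDatasetPartUpdateRequest())
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE",
 exception.message)
 } else {
 assertDoesNotThrow {
@@ -1254,7 +1254,7 @@ class DatasetServiceRBACTest : CsmTestBase() {
 makeDatasetPartUpdateRequest())
 }
 assertEquals(
-"RBAC ${datasetSaved.id} - Entity does not have permission $PERMISSION_WRITE",
+"RBAC ${datasetSaved.id} - User does not have permission $PERMISSION_WRITE",
 exception.message)
 } else {
 assertDoesNotThrow {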
