feat: match tests and general resource endpoints

Randoooom · Randoooom · commit 308cf153231a · 2025-02-05T18:51:05.000+01:00
diff --git a/src/services/authorization.rs b/src/services/authorization.rs
@@ -29,6 +29,7 @@ use rbs::to_value;
 use std::{
     borrow::Cow,
     collections::{BTreeSet, HashMap},
+    ops::Deref,
 };
 use tonic::Request;
 use wildcard::Wildcard;
@@ -250,22 +251,29 @@ fn is_match(key: &String, endpoint: &Endpoint, permission: &Permission) -> bool
         return false;
     }
 
-    let wildcard = Wildcard::new(second.as_bytes()).unwrap();
+    let ids = match endpoint {
+        Endpoint::Target(Some(id))
+        | Endpoint::Prompt(Some(id))
+        | Endpoint::Field(Some(id))
+        | Endpoint::Response(Some(id)) => vec![id],
+        Endpoint::Export(Some(list)) => list.iter().collect(),
+        Endpoint::Authorize(Some(boxed_endpoint)) => match boxed_endpoint.deref() {
+            Endpoint::Target(Some(id))
+            | Endpoint::Prompt(Some(id))
+            | Endpoint::Field(Some(id))
+            | Endpoint::Response(Some(id)) => vec![id],
+            Endpoint::Export(Some(list)) => list.iter().collect(),
+            _ => Vec::new(),
+        },
+        _ => Vec::new(),
+    };
 
-    match endpoint {
-        Endpoint::Target(Some(id)) | Endpoint::Prompt(Some(id)) | Endpoint::Field(Some(id)) => {
-            if wildcard.is_match(id.as_bytes()) {
-                debug!(
-                    "ResourceAuthorization {} does not match {:?} with {:?}",
-                    key, endpoint, permission
-                );
+    if ids.is_empty() {
+        second.eq("*")
+    } else {
+        let wildcard = Wildcard::new(second.as_bytes()).unwrap();
 
-                true
-            } else {
-                false
-            }
-        }
-        _ => false,
+        ids.iter().all(|id| wildcard.is_match(id.as_bytes()))
     }
 }
 
@@ -363,3 +371,137 @@ async fn get_target_id_by_field_id(connection: &DatabaseConnection, id: &str) ->
 
     id.ok_or(FeedbackFusionError::Unauthorized)
 }
+
+#[cfg(test)]
+mod tests {
+    use std::borrow::Cow;
+
+    use crate::{authorization::is_match, Endpoint, Permission};
+
+    #[test]
+    fn test_is_match_empty() {
+        assert!(!is_match(
+            &"".to_owned(),
+            &Endpoint::Target(Some(Cow::Borrowed("Foo"))),
+            &Permission::Write
+        ));
+    }
+
+    #[test]
+    fn test_is_match_invalid_format() {
+        let endpoint = &Endpoint::Target(Some(Cow::Borrowed("Foo")));
+        let permission = &Permission::Write;
+
+        assert!(!is_match(&"Foo".to_owned(), endpoint, permission));
+        assert!(!is_match(&"Foo::Bar".to_owned(), endpoint, permission));
+        assert!(!is_match(
+            &"Foo::Bar::FooBar".to_owned(),
+            endpoint,
+            permission
+        ));
+    }
+
+    #[test]
+    fn test_is_match_endpoint_matches() {
+        let endpoint = &Endpoint::Target(Some(Cow::Borrowed("Foo")));
+        let permission = &Permission::Write;
+
+        assert!(is_match(
+            &"Target::Foo::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+        assert!(!is_match(
+            &"Targett::Foo::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+        assert!(!is_match(
+            &"Target::Foo::Write".to_owned(),
+            &Endpoint::Prompt(None),
+            permission
+        ));
+    }
+
+    #[test]
+    fn test_is_match_permission_matches() {
+        let endpoint = &Endpoint::Target(Some(Cow::Borrowed("Foo")));
+        let permission = &Permission::Write;
+
+        assert!(is_match(
+            &"Target::Foo::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+        assert!(!is_match(
+            &"Target::Foo::Writer".to_owned(),
+            endpoint,
+            permission
+        ));
+        assert!(!is_match(
+            &"Target::Foo::Write".to_owned(),
+            endpoint,
+            &Permission::Read
+        ));
+    }
+
+    #[test]
+    fn test_is_match_wildcard() {
+        let endpoint = &Endpoint::Target(Some(Cow::Borrowed("FooBar")));
+        let permission = &Permission::Write;
+
+        assert!(is_match(
+            &"Target::FooBar::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(!is_match(
+            &"Target::FooBa::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(is_match(
+            &"Target::*::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(is_match(
+            &"Target::F*r::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(!is_match(
+            &"Target::f*r::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+    }
+
+    #[test]
+    fn test_is_match_full_wildcard() {
+        let endpoint = &Endpoint::Target(None);
+        let permission = &Permission::Write;
+
+        assert!(!is_match(
+            &"Target::FooBar::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(is_match(
+            &"Target::*::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+
+        assert!(!is_match(
+            &"Target::F*::Write".to_owned(),
+            endpoint,
+            permission
+        ));
+    }
+}
diff --git a/src/services/v1/authorization.rs b/src/services/v1/authorization.rs
@@ -25,11 +25,11 @@ use crate::{
     prelude::*,
 };
 use feedback_fusion_common::proto::{
-    AuthorizationGrant as ProtoAuthorizationGrant,
-    AuthorizationType as ProtoAuthorizationType,
-    // GetResourceAuthorizationRequest, ResourceAuthorization as ProtoResourceAuthorization,
-    ResourceAuthorizationList,
-    ResourceKind as ProtoResourceKind,
+    AuthorizationGrant as ProtoAuthorizationGrant, AuthorizationType as ProtoAuthorizationType,
+    DeleteResourceAuthorizationRequest, GetResourceAuthorizationRequest,
+    GetResourceAuthorizationsRequest, ResourceAuthorization as ProtoResourceAuthorization,
+    ResourceAuthorizationList, ResourceAuthorizationPage, ResourceKind as ProtoResourceKind,
+    UpdateResourceAuthorizationRequest,
 };
 
 use feedback_fusion_common::proto::CreateResourceAuthorizationRequest;
@@ -104,22 +104,86 @@ pub async fn create_resource_authorization(
     }))
 }
 
-//pub async fn get_resoruce_authorization(
-//    context: &FeedbackFusionV1Context,
-//    request: Request<GetResourceAuthorizationRequest>,
-//    _user_context: UserContext,
-//) -> Result<Response<ProtoResourceAuthorization>> {
-//    let connection = context.connection();
-//    let data = request.into_inner();
-//    data.validate()?;
-//
-//    let authorization = database_request!(
-//        ResourceAuthorization::select_by_id(connection, data.id.as_str()).await,
-//        "Select authorization by id"
-//    )?
-//    .ok_or(FeedbackFusionError::BadRequest(
-//        "ResourceAuthorization not found".to_owned(),
-//    ))?;
-//
-//    Ok(Response::new(authorization.into()))
-//}
+pub async fn get_resoruce_authorization(
+    context: &FeedbackFusionV1Context,
+    request: Request<GetResourceAuthorizationRequest>,
+    _user_context: UserContext,
+) -> Result<Response<ProtoResourceAuthorization>> {
+    let connection = context.connection();
+    let data = request.into_inner();
+    data.validate()?;
+
+    let authorization = database_request!(
+        ResourceAuthorization::select_by_id(connection, data.id.as_str()).await,
+        "Select authorization by id"
+    )?
+    .ok_or(FeedbackFusionError::BadRequest(
+        "ResourceAuthorization not found".to_owned(),
+    ))?;
+
+    Ok(Response::new(authorization.into()))
+}
+
+pub async fn get_resource_authorizations(
+    context: &FeedbackFusionV1Context,
+    request: Request<GetResourceAuthorizationsRequest>,
+    _user_context: UserContext,
+) -> Result<Response<ResourceAuthorizationPage>> {
+    let _connection = context.connection();
+    let _data = request.into_inner();
+
+    todo!();
+}
+
+pub async fn update_resource_authorization(
+    context: &FeedbackFusionV1Context,
+    request: Request<UpdateResourceAuthorizationRequest>,
+    _user_context: UserContext,
+) -> Result<Response<ProtoResourceAuthorization>> {
+    let connection = context.connection();
+    let data = request.into_inner();
+    data.validate()?;
+
+    let mut authorization = database_request!(
+        ResourceAuthorization::select_by_id(connection, data.id.as_str()).await,
+        "Select ResourceAuthorization by id"
+    )?
+    .ok_or(FeedbackFusionError::BadRequest(
+        "ResourceAuthorization not found".to_owned(),
+    ))?;
+
+    authorization.set_resource_id(data.resource_id);
+    if let Some(grant) = data.authorization_grant {
+        authorization
+            .set_authorization_grant((&ProtoAuthorizationGrant::try_from(grant).unwrap()).into());
+    }
+
+    if let Some(authorization_type) = data.authorization_type {
+        authorization.set_authorization_type(
+            (&ProtoAuthorizationType::try_from(authorization_type).unwrap()).into(),
+        );
+    }
+
+    database_request!(
+        ResourceAuthorization::update_by_column(connection, &authorization, "id").await,
+        "Update Resourceauthorization"
+    )?;
+
+    Ok(Response::new(authorization.into()))
+}
+
+pub async fn delete_resoruce_authorization(
+    context: &FeedbackFusionV1Context,
+    request: Request<DeleteResourceAuthorizationRequest>,
+    _user_context: UserContext,
+) -> Result<Response<()>> {
+    let connection = context.connection();
+    let data = request.into_inner();
+
+    database_request!(
+        ResourceAuthorization::delete_by_column(connection, "id", data.id.as_str()).await,
+        "Delete ResourceAuthorization by id"
+    )?;
+
+    Ok(Response::new(()))
+}
