Skip to content

Commit

Permalink
fix: check engine overwrote result in some cases (#412)
Browse files Browse the repository at this point in the history
  • Loading branch information
zepatrik authored Jan 26, 2021
1 parent 10cd0b3 commit 3404492
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 0 deletions.
3 changes: 3 additions & 0 deletions internal/check/engine.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ func (e *Engine) subjectIsAllowed(ctx context.Context, requested *relationtuple.
if err != nil {
return false, err
}
if allowed {
return true, nil
}
}

return allowed, nil
Expand Down
42 changes: 42 additions & 0 deletions internal/check/engine_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -385,4 +385,46 @@ func TestEngine(t *testing.T) {
}
}
})

t.Run("case=wide tuple graph", func(t *testing.T) {
namesp, obj, access, member, users, orgs := "namesp", "obj", "access", "member", []string{"u1", "u2", "u3", "u4"}, []string{"o1", "o2"}

reg := newDepsProvider(t, []*namespace.Namespace{{Name: namesp, ID: 1}})

for _, org := range orgs {
require.NoError(t, reg.RelationTupleManager().WriteRelationTuples(context.Background(), &relationtuple.InternalRelationTuple{
Namespace: namesp,
Object: obj,
Relation: access,
Subject: &relationtuple.SubjectSet{
Namespace: namesp,
Object: org,
Relation: member,
},
}))
}

for i, user := range users {
require.NoError(t, reg.RelationTupleManager().WriteRelationTuples(context.Background(), &relationtuple.InternalRelationTuple{
Namespace: namesp,
Object: orgs[i%len(orgs)],
Relation: member,
Subject: &relationtuple.SubjectID{ID: user},
}))
}

e := check.NewEngine(reg)

for _, user := range users {
req := &relationtuple.InternalRelationTuple{
Namespace: namesp,
Object: obj,
Relation: access,
Subject: &relationtuple.SubjectID{ID: user},
}
allowed, err := e.SubjectIsAllowed(context.Background(), req)
require.NoError(t, err)
assert.True(t, allowed, req.String())
}
})
}

0 comments on commit 3404492

Please sign in to comment.