Skip to content

Commit 673a184

Browse files
dpetrandpetran
authored
Merge pull request #103 from fluree/feature/required-policy
Required policy support
2 parents 1ffefe4 + dd0df05 commit 673a184

File tree

3 files changed

+10
-7
lines changed

3 files changed

+10
-7
lines changed

deps.edn

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{:deps {org.clojure/clojure {:mvn/version "1.11.3"}
22
org.clojure/core.async {:mvn/version "1.6.681"}
33
com.fluree/db {:git/url "https://github.com/fluree/db.git"
4-
:git/sha "fe4842745daa2dc25199961f23eb96fa55ce14ba"}
4+
:git/sha "5b86afd02d4437c8f0e271c5fde5f1428e67515b"}
55
com.fluree/json-ld {:git/url "https://github.com/fluree/json-ld.git"
66
:git/sha "73a990a4b803d0b4cfbbbe4dc16275b39a3add4e"}
77

src/fluree/server/handler.clj

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -263,9 +263,9 @@
263263
policy-values (when-let [pv (get-in req [:headers "fluree-policy-values"])]
264264
(try
265265
(let [pv* (json/parse pv false)]
266-
(if (map? pv*)
266+
(if (sequential? pv*)
267267
pv*
268-
(throw (ex-info "Invalid Fluree-Policy-Values header, it must be a map of variables to values."
268+
(throw (ex-info "Invalid Fluree-Policy-Values header, it must be a valid values binding: [[\"?varA\" \"?varB\"] [[<a1> <b1>] [<a2> <b2>] ...]]"
269269
{:status 400}))))
270270
(catch Exception _
271271
(throw (ex-info "Invalid Fluree-Policy-Values header: must be JSON."

test/fluree/server/integration/policy_test.clj

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@
4545
{"@id" "ex:ssnRestriction"
4646
"@type" ["f:AccessPolicy" "ex:EmployeePolicy"]
4747
"f:onProperty" [{"@id" "schema:ssn"}]
48+
"f:required" true
4849
"f:action" [{"@id" "f:view"} {"@id" "f:modify"}]
4950
"f:query" {"@type" "@json"
5051
"@value" {"@context" {"ex" "http://example.org/ns/"}
@@ -272,6 +273,7 @@
272273
"@type" ["f:AccessPolicy" "ex:EmployeePolicy"]
273274
"f:onProperty" [{"@id" "schema:ssn"}]
274275
"f:action" [{"@id" "f:view"} {"@id" "f:modify"}]
276+
"f:required" true
275277
"f:query" {"@type" "@json"
276278
"@value" {"@context" {"ex" "http://example.org/ns/"}
277279
"where" {"@id" "?$identity"
@@ -295,7 +297,7 @@
295297
(json/write-value-as-string
296298
(assoc secret-query
297299
"opts" {"policyClass" "ex:EmployeePolicy"
298-
"policyValues" {"?$identity" alice-did}}))
300+
"policyValues" ["?$identity" [alice-did]]}))
299301
:headers json-headers}
300302
query-res (api-post :query query-req)]
301303

@@ -315,7 +317,7 @@
315317
schema:ssn ?ssn.}")
316318
:headers (assoc sparql-headers
317319
"Fluree-Policy-Class" "ex:EmployeePolicy"
318-
"Fluree-Policy-Values" (json/write-value-as-string {"?$identity" alice-did}))}
320+
"Fluree-Policy-Values" (json/write-value-as-string ["?$identity" [alice-did]]))}
319321
query-res (api-post :query query-req)]
320322

321323
(is (= [["ex:alice" "111-11-1111"]]
@@ -369,6 +371,7 @@
369371
"@type" ["f:AccessPolicy" "ex:EmployeePolicy"]
370372
"f:onProperty" [{"@id" "schema:ssn"}]
371373
"f:action" [{"@id" "f:view"} {"@id" "f:modify"}]
374+
"f:required" true
372375
"f:query" {"@type" "@json"
373376
"@value" {"@context" {"ex" "http://example.org/ns/"}
374377
"where" {"@id" "?$identity"
@@ -378,7 +381,7 @@
378381
"f:action" {"@id" "f:view"}
379382
"f:query" {"@type" "@json"
380383
"@value" {}}}]}
381-
policy-values {"?$identity" alice-did}
384+
policy-values ["?$identity" [alice-did]]
382385
query-req {:body
383386
(json/write-value-as-string
384387
(assoc secret-query
@@ -408,4 +411,4 @@
408411

409412
(is (= [["ex:alice" "111-11-1111"]]
410413
(-> query-res :body json/read-value))
411-
"query policy opts should prevent seeing john's ssn"))))))
414+
"query policy opts should prevent seeing john's ssn"))))))

0 commit comments

Comments
 (0)