Skip to content

Commit

Permalink
PR(ACP): Disable Mutation Of Policy Through Patch
Browse files Browse the repository at this point in the history
  • Loading branch information
@shahzadlone
shahzadlone committed Apr 2, 2024
1 parent 644acc2 commit b2cd5e1
Show file tree
Hide file tree
Showing 4 changed files with 193 additions and 0 deletions.
20 changes: 20 additions & 0 deletions db/collection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -660,6 +660,7 @@ var patchCollectionValidators = []func(
validateSourcesNotRedefined,
validateIndexesNotModified,
validateFieldsNotModified,
validatePolicyNotModified,
validateIDNotZero,
validateIDUnique,
validateIDExists,
Expand Down Expand Up @@ -801,6 +802,25 @@ func validateFieldsNotModified(
return nil
}

func validatePolicyNotModified(
oldColsByID map[uint32]client.CollectionDescription,
newColsByID map[uint32]client.CollectionDescription,
) error {
for _, newCol := range newColsByID {
oldCol, ok := oldColsByID[newCol.ID]
if !ok {
continue
}

// DeepEqual is temporary, as this validation is temporary
if !reflect.DeepEqual(oldCol.Policy, newCol.Policy) {
return NewErrCollectionPolicyCannotBeMutated(newCol.ID)
}
}

return nil
}

func validateIDNotZero(
oldColsByID map[uint32]client.CollectionDescription,
newColsByID map[uint32]client.CollectionDescription,
Expand Down
8 changes: 8 additions & 0 deletions db/errors.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ const (
errCollectionSourceIDMutated string = "collection source ID cannot be mutated"
errCollectionIndexesCannotBeMutated string = "collection indexes cannot be mutated"
errCollectionFieldsCannotBeMutated string = "collection fields cannot be mutated"
errCollectionPolicyCannotBeMutated string = "collection policy cannot be mutated"
errCollectionRootIDCannotBeMutated string = "collection root ID cannot be mutated"
errCollectionSchemaVersionIDCannotBeMutated string = "collection schema version ID cannot be mutated"
errCollectionIDCannotBeZero string = "collection ID cannot be zero"
Expand Down Expand Up @@ -600,6 +601,13 @@ func NewErrCollectionFieldsCannotBeMutated(colID uint32) error {
)
}

func NewErrCollectionPolicyCannotBeMutated(colID uint32) error {
return errors.New(
errCollectionPolicyCannotBeMutated,
errors.NewKV("CollectionID", colID),
)
}

func NewErrCollectionRootIDCannotBeMutated(colID uint32) error {
return errors.New(
errCollectionRootIDCannotBeMutated,
Expand Down
82 changes: 82 additions & 0 deletions tests/integration/collection_description/updates/remove/policy_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
// Copyright 2024 Democratized Data Foundation
//
// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.txt.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0, included in the file
// licenses/APL.txt.

package remove

import (
"testing"

testUtils "github.com/sourcenetwork/defradb/tests/integration"
acpUtils "github.com/sourcenetwork/defradb/tests/integration/acp"
)

func TestColDescrUpdateRemovePolicy_Errors(t *testing.T) {
test := testUtils.TestCase{
Actions: []any{
testUtils.AddPolicy{

Creator: acpUtils.Actor1Signature,

Policy: `
description: a test policy which marks a collection in a database as a resource
actor:
name: actor
resources:
users:
permissions:
read:
expr: owner + reader
write:
expr: owner
relations:
owner:
types:
- actor
reader:
types:
- actor
admin:
manages:
- reader
types:
- actor
`,

ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
},

testUtils.SchemaUpdate{
Schema: `
type Users @policy(
id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
resource: "users"
) {
name: String
age: Int
}
`,
},

testUtils.PatchCollection{
Patch: `
[
{ "op": "remove", "path": "/1/Policy" }
]
`,
ExpectedError: "collection policy cannot be mutated. CollectionID: 1",
},
},
}

testUtils.ExecuteTestCase(t, test)
}
83 changes: 83 additions & 0 deletions tests/integration/collection_description/updates/replace/policy_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
// Copyright 2024 Democratized Data Foundation
//
// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.txt.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0, included in the file
// licenses/APL.txt.

package replace

import (
"testing"

testUtils "github.com/sourcenetwork/defradb/tests/integration"
)

func TestColDescrUpdateReplacePolicy_Errors(t *testing.T) {
test := testUtils.TestCase{
Actions: []any{
testUtils.SchemaUpdate{
Schema: `
type Users {}
`,
},
testUtils.PatchCollection{
Patch: `
[
{ "op": "replace", "path": "/1/Policy", "value": {} }
]
`,
ExpectedError: "collection policy cannot be mutated. CollectionID: 1",
},
},
}

testUtils.ExecuteTestCase(t, test)
}

func TestColDescrUpdateReplacePolicyID_Errors(t *testing.T) {
test := testUtils.TestCase{
Actions: []any{
testUtils.SchemaUpdate{
Schema: `
type Users {}
`,
},
testUtils.PatchCollection{
Patch: `
[
{ "op": "replace", "path": "/1/Policy", "value": {"ID": "dfe202ffb4f0fe9b46157c313213a383"} }
]
`,
ExpectedError: "collection policy cannot be mutated. CollectionID: 1",
},
},
}

testUtils.ExecuteTestCase(t, test)
}

func TestColDescrUpdateReplacePolicyResource_Errors(t *testing.T) {
test := testUtils.TestCase{
Actions: []any{
testUtils.SchemaUpdate{
Schema: `
type Users {}
`,
},
testUtils.PatchCollection{
Patch: `
[
{ "op": "replace", "path": "/1/Policy", "value": {"ResourceName": "mutatingResource"} }
]
`,
ExpectedError: "collection policy cannot be mutated. CollectionID: 1",
},
},
}

testUtils.ExecuteTestCase(t, test)
}

0 comments on commit b2cd5e1

Please sign in to comment.