feat: add AppPermissionEvaluator (#113)

Ahoo-Wang · Mar 21, 2023 · 20f96ff · 20f96ff
1 parent c7524c1
commit 20f96ff
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 1 deletion.
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/permission/AppPermissionEvaluator.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/permission/AppPermissionEvaluator.kt
@@ -0,0 +1,18 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.permission
+
+interface AppPermissionEvaluator {
+    fun evaluate(appPermission: AppPermission)
+}
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/permission/DefaultAppPermissionEvaluator.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/permission/DefaultAppPermissionEvaluator.kt
@@ -0,0 +1,37 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.permission
+
+import me.ahoo.cosec.api.permission.AppPermission
+import me.ahoo.cosec.api.permission.AppPermissionEvaluator
+import me.ahoo.cosec.context.SimpleSecurityContext
+import me.ahoo.cosec.policy.EvaluateRequest
+import me.ahoo.cosec.principal.SimpleTenantPrincipal
+
+object DefaultAppPermissionEvaluator : AppPermissionEvaluator {
+    override fun evaluate(appPermission: AppPermission) {
+        val evaluateRequest = EvaluateRequest()
+        val mockContext = SimpleSecurityContext(SimpleTenantPrincipal.ANONYMOUS)
+        appPermission.condition.match(evaluateRequest, mockContext)
+        appPermission.permissionIndexer.values.forEach { permission ->
+            permission.verify(evaluateRequest, mockContext)
+
+            permission.actions.forEach {
+                it.match(evaluateRequest, mockContext)
+            }
+
+            permission.condition.match(evaluateRequest, mockContext)
+        }
+    }
+}
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/DefaultPolicyEvaluator.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/DefaultPolicyEvaluator.kt
@@ -24,6 +24,7 @@ object DefaultPolicyEvaluator : PolicyEvaluator {
     override fun evaluate(policy: Policy) {
         val evaluateRequest = EvaluateRequest()
         val mockContext = SimpleSecurityContext(SimpleTenantPrincipal.ANONYMOUS)
+        policy.condition.match(evaluateRequest, mockContext)
         policy.statements.forEach { statement ->
             statement.verify(evaluateRequest, mockContext)
 

diff --git a/cosec-core/src/test/kotlin/me/ahoo/cosec/permission/DefaultAppPermissionEvaluatorTest.kt b/cosec-core/src/test/kotlin/me/ahoo/cosec/permission/DefaultAppPermissionEvaluatorTest.kt
@@ -0,0 +1,41 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.permission
+
+import me.ahoo.cosec.api.policy.Effect
+import me.ahoo.cosec.configuration.JsonConfiguration
+import me.ahoo.cosec.policy.action.AllActionMatcher
+import org.junit.jupiter.api.Test
+
+class DefaultAppPermissionEvaluatorTest {
+
+    @Test
+    fun evaluate() {
+        val appPermission = AppPermissionData(
+            id = "appId", groups = listOf(
+                PermissionGroupData(
+                    "groupName", permissions = listOf(
+                        PermissionData(
+                            id = "permissionId",
+                            name = "",
+                            effect = Effect.DENY,
+                            actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY)),
+                        )
+                    )
+                )
+            )
+        )
+        DefaultAppPermissionEvaluator.evaluate(appPermission)
+    }
+}
diff --git a/gradle.properties b/gradle.properties
@@ -11,7 +11,7 @@
 # limitations under the License.
 #
 group=me.ahoo.cosec
-version=1.15.2
+version=1.15.3
 description=RBAC-based And Policy-based Multi-Tenant Reactive Security Framework
 website=https://github.com/Ahoo-Wang/CoSec
 issues=https://github.com/Ahoo-Wang/CoSec/issues