refactor: set effect default to ALLOW (#111)

* refactor: set effect default to ALLOW * Add code comments for Permission.id
Ahoo-Wang · Mar 21, 2023 · 69b426f · 69b426f
1 parent 5948d28
commit 69b426f
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 15 deletions.
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/permission/Permission.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/permission/Permission.kt
@@ -19,6 +19,9 @@ import me.ahoo.cosec.api.policy.Statement
  * Permission metadata.
  */
 interface Permission : Statement {
+    /**
+     * format : appId.group.permission
+     */
     val id: String
     val description: String
 }
diff --git a/cosec-api/src/test/kotlin/me/ahoo/cosec/api/context/RequestTest.kt b/cosec-api/src/test/kotlin/me/ahoo/cosec/api/context/RequestTest.kt
@@ -0,0 +1,26 @@
+/*
+ * Copyright [2021-present] [ahoo wang <[email protected]> (https://github.com/Ahoo-Wang)].
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package me.ahoo.cosec.api.context
+
+import me.ahoo.cosec.api.context.request.Request
+import org.hamcrest.MatcherAssert.assertThat
+import org.hamcrest.Matchers.equalTo
+import org.junit.jupiter.api.Test
+
+class RequestTest {
+    @Test
+    fun appIdKey() {
+        assertThat(Request.APP_ID, equalTo("cosec-app-id"))
+    }
+}
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/AbstractJsonStatementSerializer.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/AbstractJsonStatementSerializer.kt
@@ -43,6 +43,9 @@ abstract class AbstractJsonStatementDeserializer<T : Statement>(statementType: C
     StdDeserializer<T>(statementType) {
     override fun deserialize(p: JsonParser, ctxt: DeserializationContext): T {
         val jsonNode = p.codec.readTree<JsonNode>(p)
+        val effect = jsonNode.get(STATEMENT_EFFECT_KEY)?.traverse(p.codec)
+            ?.readValueAs(Effect::class.java)
+            ?: Effect.ALLOW
         val actions = jsonNode.get(STATEMENT_ACTIONS_KEY)?.map {
             it.traverse(p.codec).readValueAs(ActionMatcher::class.java)
         }.orEmpty()
@@ -53,9 +56,7 @@ abstract class AbstractJsonStatementDeserializer<T : Statement>(statementType: C
         return createStatement(
             jsonNode = jsonNode,
             name = jsonNode.get(STATEMENT_NAME)?.asText().orEmpty(),
-            effect = requireNotNull(jsonNode.get(STATEMENT_EFFECT_KEY)) {
-                "$STATEMENT_EFFECT_KEY is required!"
-            }.traverse(p.codec).readValueAs(Effect::class.java),
+            effect = effect,
             actions = actions,
             condition = condition,
         )

diff --git a/cosec-core/src/test/resources/test-policy.json b/cosec-core/src/test/resources/test-policy.json
@@ -11,7 +11,6 @@
   "statements": [
     {
       "name": "Anonymous",
-      "effect": "allow",
       "actions": [
         {
           "type": "path",
@@ -25,7 +24,6 @@
     },
     {
       "name": "UserScope",
-      "effect": "allow",
       "actions": [
         {
           "type": "path",
@@ -38,7 +36,6 @@
     },
     {
       "name": "Developer",
-      "effect": "allow",
       "actions": [
         {
           "type": "all"
@@ -103,7 +100,6 @@
     },
     {
       "name": "AllowDeveloperOrIpRange",
-      "effect": "allow",
       "actions": [
         {
           "type": "all"

diff --git a/document/cosec-app-permission.schema.json b/document/cosec-app-permission.schema.json
@@ -94,6 +94,7 @@
         "request.origin",
         "request.referer",
         "request.header.",
+        "request.header.cosec-app-id",
         "request.attributes.",
         "request.attributes.ipRegion",
         "context.tenantId",
@@ -131,7 +132,8 @@
             {
               "type": "string"
             }
-          ]
+          ],
+          "default": "path"
         },
         "methods": {
           "type": "array",
@@ -171,7 +173,8 @@
             {
               "type": "string"
             }
-          ]
+          ],
+          "default": "bool"
         },
         "part": {
           "anyOf": [
@@ -248,7 +251,8 @@
           "type": "string"
         },
         "effect": {
-          "$ref": "#/definitions/effect"
+          "$ref": "#/definitions/effect",
+          "default": "allow"
         },
         "actions": {
           "type": "array",
@@ -262,7 +266,6 @@
         }
       },
       "required": [
-        "effect",
         "actions"
       ]
     }

diff --git a/document/cosec-policy.schema.json b/document/cosec-policy.schema.json
@@ -125,6 +125,7 @@
         "request.origin",
         "request.referer",
         "request.header.",
+        "request.header.cosec-app-id",
         "request.attributes.",
         "request.attributes.ipRegion",
         "context.tenantId",
@@ -162,7 +163,8 @@
             {
               "type": "string"
             }
-          ]
+          ],
+          "default": "path"
         },
         "methods": {
           "type": "array",
@@ -202,7 +204,8 @@
             {
               "type": "string"
             }
-          ]
+          ],
+          "default": "bool"
         },
         "part": {
           "anyOf": [
@@ -248,7 +251,8 @@
           "type": "string"
         },
         "effect": {
-          "$ref": "#/definitions/effect"
+          "$ref": "#/definitions/effect",
+          "default": "allow"
         },
         "actions": {
           "type": "array",
@@ -263,7 +267,6 @@
         }
       },
       "required": [
-        "effect",
         "actions"
       ]
     }