feat(utils): implemented roles engine

Author: slvnperron

utils/botpress-util-roles/.babelrc

@@ -0,0 +1,3 @@
+{
+  "presets": ["env"]
+}

utils/botpress-util-roles/.gitignore

@@ -1,3 +1,15 @@
 .cache
 node_modules
-dist
+dist
+.*.swp
+._*
+.DS_Store
+.git
+.hg
+.npmrc
+.lock-wscript
+.svn
+.wafpickle-*
+config.gypi
+CVS
+npm-debug.log

utils/botpress-util-roles/.npmignore

@@ -0,0 +1,2 @@
+.npmignore
+src

utils/botpress-util-roles/index.js

@@ -2,15 +2,18 @@
   "name": "@botpress/util-roles",
   "version": "1.0.0",
   "description": "Botpress utility package that handles roles checking",
-  "main": "index.js",
+  "main": "dist/index.js",
   "author": "Botpress, Inc.",
   "license": "AGPL-3.0",
   "private": false,
   "devDependencies": {
+    "babel-preset-env": "^1.6.1",
+    "jest": "^22.4.3",
     "parcel-bundler": "^1.7.1"
   },
   "scripts": {
-    "watch": "parcel watch index.js",
-    "build": "parcel build index.js"
+    "watch": "parcel watch src/index.js",
+    "build": "parcel build src/index.js",
+    "test": "jest --watch"
   }
 }

utils/botpress-util-roles/package.json

@@ -0,0 +1,58 @@
+export function ressourceMatches(pattern, res) {
+  const separator = /[\/\.]/
+  pattern = pattern || ''
+
+  if (!~pattern.indexOf('*')) {
+    pattern = pattern += '.*'
+  }
+
+  const parts = pattern.split(separator)
+  let testParts = res.split(separator)
+
+  let matches = true
+  for (let ii = 0; matches && ii < parts.length; ii++) {
+    if (parts[ii] === '*') {
+      continue
+    } else if (ii < testParts.length) {
+      matches = parts[ii].toLowerCase() === testParts[ii].toLowerCase()
+    } else {
+      matches = false
+    }
+  }
+
+  return matches
+}
+
+export function checkRule(rules, operation, ressource) {
+  operation = /^r|read$/i.test(operation) ? 'r' : operation
+  operation = /^w|write$/i.test(operation) ? 'w' : operation
+
+  if (operation !== 'r' && operation !== 'w') {
+    throw new Error('Invalid rule operation: ' + operation)
+  }
+
+  let permission = false // Everything is restricted by default
+
+  for (let rule of rules) {
+    if (ressourceMatches(rule.res, ressource)) {
+      if (rule.op.length === 4) {
+        if (rule.op[1] === operation) {
+          permission = rule.op[0] === '+'
+        } else if (rule.op[3] === operation) {
+          permission = rule.op[2] === '+'
+        } else {
+          permission = false
+        }
+      }
+      if (rule.op.length === 3) {
+        permission = rule.op[0] === '+'
+      } else if (rule.op[1] === operation) {
+        permission = rule.op[0] === '+'
+      } else {
+        // leave the permission untouched
+      }
+    }
+  }
+
+  return permission
+}

utils/botpress-util-roles/src/index.js

@@ -0,0 +1,58 @@
+import { ressourceMatches, checkRule } from './index'
+
+test('ressourceMatches', () => {
+  expect(ressourceMatches('', '')).toBe(true)
+  expect(ressourceMatches('*', 'everything.will.match')).toBe(true)
+  expect(ressourceMatches('everything.*', 'everything.will.match')).toBe(true)
+  expect(ressourceMatches('everything.*.match', 'everything.here.match')).toBe(true)
+  expect(ressourceMatches('everything.*.match.again', 'everything.here.match.again')).toBe(true)
+  expect(ressourceMatches('everything.*.*.again', 'everything.here.match.again')).toBe(true)
+  expect(ressourceMatches('*.will.*.again', 'everything.will.match.again')).toBe(true)
+  expect(ressourceMatches('everything', 'everything.will.match')).toBe(true)
+
+  expect(ressourceMatches('', 'nothing.will.match')).toBe(false)
+  expect(ressourceMatches('nothing.match', 'nothing.will.match')).toBe(false)
+  expect(ressourceMatches('this.*.match', 'nothing.will.match')).toBe(false)
+  expect(ressourceMatches('*.*.match', 'nothing.will.work')).toBe(false)
+  expect(ressourceMatches('a.b.c', 'b.a.c')).toBe(false)
+  expect(ressourceMatches('*.b.c', 'b.a.c')).toBe(false)
+})
+
+test('checkRule', () => {
+  const rules = [
+    // 2 chars
+    { op: '+r', res: '1' },
+    { op: '-w', res: '1' },
+    { op: '+w', res: '1.a' },
+    // 3 chars
+    { op: '+rw', res: '2' },
+    { op: '-rw', res: '2.a' },
+    { op: '+r', res: '2.a.b' },
+    // 4 chars
+    { op: '+r+w', res: '2.a.c' },
+    { op: '+r-w', res: '3' },
+    { op: '+w-r', res: '3.a' }
+  ]
+
+  expect(checkRule(rules, 'read', '1')).toBe(true)
+  expect(checkRule(rules, 'write', '1')).toBe(false)
+  expect(checkRule(rules, 'write', '1.a')).toBe(true)
+  expect(checkRule(rules, 'write', '1.b')).toBe(false)
+  expect(checkRule(rules, 'read', '1.b')).toBe(true)
+
+  expect(checkRule(rules, 'read', '2')).toBe(true)
+  expect(checkRule(rules, 'write', '2')).toBe(true)
+  expect(checkRule(rules, 'read', '2.b')).toBe(true)
+  expect(checkRule(rules, 'write', '2.b')).toBe(true)
+  expect(checkRule(rules, 'read', '2.a')).toBe(false)
+  expect(checkRule(rules, 'write', '2.a')).toBe(false)
+  expect(checkRule(rules, 'write', '2.a.b')).toBe(false)
+  expect(checkRule(rules, 'read', '2.a.b')).toBe(true)
+  expect(checkRule(rules, 'read', '2.a.c')).toBe(true)
+  expect(checkRule(rules, 'write', '2.a.c')).toBe(true)
+
+  expect(checkRule(rules, 'read', '3')).toBe(true)
+  expect(checkRule(rules, 'write', '3')).toBe(false)
+  expect(checkRule(rules, 'write', '3.a')).toBe(true)
+  expect(checkRule(rules, 'read', '3.a')).toBe(false)
+})