fix: handle multiple owners for single entity for owners in HR scope …

…matching
restorecommerce · Apr 11, 2024 · e6c5f55 · e6c5f55
1 parent 1de3f87
commit e6c5f55
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/src/core/hierarchicalScope.ts b/src/core/hierarchicalScope.ts
@@ -193,20 +193,20 @@ export const checkHierarchicalScope = async (ruleTarget: Target,
     const reducedHRScopes = context?.subject?.hierarchical_scopes?.filter((hrObj) => hrObj?.role === ruleRole);
     for (let [resourceId, owners] of resourceIdOwnersMap) {
       // validate scoping Entity first
-      let ownerInstance: string;
+      let ownerInstances: string[] = [];
       const entityMatch = owners?.some((ownerObj) => {
         return reducedUserRoleAssocs?.some((roleObj) => {
           if (roleObj?.attributes?.some((roleAttributeObject) => roleAttributeObject?.id === urns.get('roleScopingEntity')
             && ownerObj?.id === urns.get('ownerEntity') && ownerObj.value === ruleRoleScopingEntity && ownerObj.value === roleAttributeObject?.value)) {
-            ownerObj?.attributes?.forEach((obj) => ownerInstance = obj.value);
+            ownerObj?.attributes?.forEach((obj) => ownerInstances.push(obj.value));
             return true;
           }
         });
       });
       // validate the ownerInstance from HR scope tree for matched scoping entity
-      if (entityMatch && ownerInstance) {
+      if (entityMatch && ownerInstances?.length > 0) {
         traverse(reducedHRScopes).forEach((node: any) => { // depth-first search
-          if (node?.id === ownerInstance) {
+          if (ownerInstances.includes(node?.id)) {
             deleteMapEntries.push(resourceId);
           }
         });

diff --git a/test/microservice_acs_enabled.spec.ts b/test/microservice_acs_enabled.spec.ts
@@ -956,7 +956,7 @@ describe('testing microservice', () => {
       });
 
        // Create with two different scopes assigned for same role
-       it('should PERMIT to create test rule with ACS enabled without providing scope in subject with multilple instances assigned to same role', async () => {
+       it('should PERMIT to create test rule with ACS enabled with multiple owners without providing scope in subject with multilple instances assigned to same role', async () => {
         let testRule1 = [{
           name: '1 test rule for test entitiy',
           description: '1 test rule',
@@ -978,6 +978,12 @@ describe('testing microservice', () => {
               attributes: [{
                 id: 'urn:restorecommerce:acs:names:ownerInstance',
                 value: 'org1'
+              }, {
+                id: 'urn:restorecommerce:acs:names:ownerInstance',
+                value: 'org2'
+              }, {
+                id: 'urn:restorecommerce:acs:names:ownerInstance',
+                value: 'org3'
               }]
             }]
           }
@@ -1030,8 +1036,14 @@ describe('testing microservice', () => {
               id: 'urn:restorecommerce:acs:names:ownerIndicatoryEntity',
               value: 'urn:restorecommerce:acs:model:organization.Organization',
               attributes: [{
+                id: 'urn:restorecommerce:acs:names:ownerInstance',
+                value: 'org1'
+              }, {
                 id: 'urn:restorecommerce:acs:names:ownerInstance',
                 value: 'org2'
+              }, {
+                id: 'urn:restorecommerce:acs:names:ownerInstance',
+                value: 'org3'
               }]
             }]
           }