fix(evaluate): using context in instantiation in IdentityBasedPolicy …

…and ResourceBasedPolicy fix #43
roggervalf · Apr 11, 2021 · c0f3561 · c0f3561
1 parent 096e7ef
commit c0f3561
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 13 deletions.
diff --git a/src/IdentityBasedPolicy.test.ts b/src/IdentityBasedPolicy.test.ts
@@ -229,19 +229,33 @@ describe('IdentityBasedPolicy Class', () => {
 
   describe('when match based on context', () => {
     it('returns true or false', () => {
-      const policy = new IdentityBasedPolicy({
+      const policy = new IdentityBasedPolicy<Record<string, any>>({
         statements: [
           {
             resource: ['secrets:${user.id}:*'],
             action: ['read', 'write']
           },
           {
+            effect: 'deny',
             resource: ['secrets:${user.bestFriends}:*'],
             action: 'read'
           }
-        ]
+        ],
+        context: { user: { id: 124 } }
       });
 
+      expect(
+        policy.evaluate({
+          action: 'read',
+          resource: 'secrets:124:code'
+        })
+      ).toBe(true);
+      expect(
+        policy.evaluate({
+          action: 'read',
+          resource: 'secrets:123:code'
+        })
+      ).toBe(false);
       expect(
         policy.evaluate({
           action: 'read',
@@ -268,7 +282,7 @@ describe('IdentityBasedPolicy Class', () => {
           action: 'read',
           resource: 'secrets:563:secret',
           context: {
-            user: { id: 456, bestFriends: [123, 563, 1211] }
+            user: { id: 563, bestFriends: [123, 1211] }
           }
         })
       ).toBe(true);

diff --git a/src/IdentityBasedPolicy.ts b/src/IdentityBasedPolicy.ts
@@ -71,7 +71,7 @@ export class IdentityBasedPolicy<T extends object> extends Policy<
       s.matches({
         action,
         resource,
-        context,
+        context: context || this.context,
         conditionResolver: this.conditionResolver
       })
     );
@@ -85,7 +85,7 @@ export class IdentityBasedPolicy<T extends object> extends Policy<
       s.matches({
         action,
         resource,
-        context,
+        context: context || this.context,
         conditionResolver: this.conditionResolver
       })
     );

diff --git a/src/ResourceBasedPolicy.test.ts b/src/ResourceBasedPolicy.test.ts
@@ -465,21 +465,39 @@ describe('ResourceBasedPolicy Class', () => {
 
   describe('when match based on context', () => {
     it('returns true or false', () => {
-      const policy = new ResourceBasedPolicy({
+      const policy = new ResourceBasedPolicy<Record<string, any>>({
         statements: [
           {
             principal: { id: 'rogger' },
             resource: ['secrets:${user.id}:*'],
             action: ['read', 'write']
           },
           {
+            effect: 'deny',
             principal: { id: 'rogger' },
             resource: ['secrets:${user.bestFriends}:*'],
             action: 'read'
           }
-        ]
+        ],
+        context: { user: { id: 124, bestFriends: [563] } }
       });
 
+      expect(
+        policy.evaluate({
+          principal: 'rogger',
+          action: 'read',
+          resource: 'secrets:124:code',
+          principalType: 'id'
+        })
+      ).toBe(true);
+      expect(
+        policy.evaluate({
+          principal: 'rogger',
+          action: 'read',
+          resource: 'secrets:125:code',
+          principalType: 'id'
+        })
+      ).toBe(false);
       expect(
         policy.evaluate({
           principal: 'rogger',
@@ -502,7 +520,7 @@ describe('ResourceBasedPolicy Class', () => {
         policy.evaluate({
           principal: 'rogger',
           action: 'read',
-          resource: 'secrets:123:sshhh',
+          resource: 'secrets:123:topSecret',
           principalType: 'id',
           context: { user: { id: 456 } }
         })
@@ -511,18 +529,18 @@ describe('ResourceBasedPolicy Class', () => {
         policy.evaluate({
           principal: 'rogger',
           action: 'read',
-          resource: 'secrets:563:sshhh',
+          resource: 'secrets:563:topSecret',
           principalType: 'id',
           context: {
-            user: { id: 456, bestFriends: [123, 563, 1211] }
+            user: { id: 563, bestFriends: [123, 1211] }
           }
         })
       ).toBe(true);
       expect(
         policy.evaluate({
           principal: 'rogger',
           action: 'write',
-          resource: 'secrets:123:sshhh'
+          resource: 'secrets:123:topSecret'
         })
       ).toBe(false);
     });

diff --git a/src/ResourceBasedPolicy.ts b/src/ResourceBasedPolicy.ts
@@ -85,7 +85,7 @@ export class ResourceBasedPolicy<T extends object> extends Policy<
         action,
         resource,
         principalType,
-        context,
+        context: context || this.context,
         conditionResolver: this.conditionResolver
       })
     );
@@ -107,7 +107,7 @@ export class ResourceBasedPolicy<T extends object> extends Policy<
         action,
         resource,
         principalType,
-        context,
+        context: context || this.context,
         conditionResolver: this.conditionResolver
       })
     );