Skip to content

Commit

Permalink
feat: Add more extensive permission parsing support
Browse files Browse the repository at this point in the history
  • Loading branch information
@joachimvh
joachimvh committed Aug 7, 2020
1 parent 6d29afe commit a116c41
Show file tree
Hide file tree
Showing 11 changed files with 221 additions and 74 deletions.
8 changes: 6 additions & 2 deletions bin/server.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import yargs from 'yargs';
import {
AcceptPreferenceParser,
AuthenticatedLdpHandler,
BasePermissionsExtractor,
BodyParser,
CompositeAsyncHandler,
ExpressHttpServer,
Expand All @@ -21,7 +22,6 @@ import {
SimpleExtensionAclManager,
SimpleGetOperationHandler,
SimplePatchOperationHandler,
SimplePermissionsExtractor,
SimplePostOperationHandler,
SimplePutOperationHandler,
SimpleRequestParser,
Expand All @@ -32,6 +32,7 @@ import {
SimpleTargetExtractor,
SimpleTurtleQuadConverter,
SingleThreadedResourceLocker,
SparqlPatchPermissionsExtractor,
UrlContainerManager,
} from '..';

Expand All @@ -58,7 +59,10 @@ const requestParser = new SimpleRequestParser({
});

const credentialsExtractor = new SimpleCredentialsExtractor();
const permissionsExtractor = new SimplePermissionsExtractor();
const permissionsExtractor = new CompositeAsyncHandler([
new BasePermissionsExtractor(),
new SparqlPatchPermissionsExtractor(),
]);

// Will have to see how to best handle this
const store = new SimpleResourceStore(base);
Expand Down
3 changes: 2 additions & 1 deletion index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,8 @@ export * from './src/ldp/operations/SimplePutOperationHandler';
// LDP/Permissions
export * from './src/ldp/permissions/PermissionSet';
export * from './src/ldp/permissions/PermissionsExtractor';
export * from './src/ldp/permissions/SimplePermissionsExtractor';
export * from './src/ldp/permissions/BasePermissionsExtractor';
export * from './src/ldp/permissions/SparqlPatchPermissionsExtractor';

// LDP/Representation
export * from './src/ldp/representation/BinaryRepresentation';
Expand Down
4 changes: 2 additions & 2 deletions src/ldp/http/SparqlUpdatePatch.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { Algebra } from 'sparqlalgebrajs';
import { Patch } from './Patch';
import { Update } from 'sparqlalgebrajs/lib/algebra';

/**
* A specific type of {@link Patch} corresponding to a SPARQL update.
Expand All @@ -8,5 +8,5 @@ export interface SparqlUpdatePatch extends Patch {
/**
* Algebra corresponding to the SPARQL update.
*/
algebra: Update;
algebra: Algebra.Update;
}
26 changes: 26 additions & 0 deletions src/ldp/permissions/BasePermissionsExtractor.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
import { Operation } from '../operations/Operation';
import { PermissionSet } from './PermissionSet';
import { PermissionsExtractor } from './PermissionsExtractor';
import { UnsupportedHttpError } from '../../util/errors/UnsupportedHttpError';

/**
* Generates permissions for the base set of methods that always require the same permissions.
* Specifically: GET, HEAD, POST, PUT and DELETE.
*/
export class BasePermissionsExtractor extends PermissionsExtractor {
public async canHandle(input: Operation): Promise<void> {
if (![ 'HEAD', 'GET', 'POST', 'PUT', 'DELETE' ].includes(input.method)) {
throw new UnsupportedHttpError('Only HEAD, GET, POST, PUT and DELETE are supported.');
}
}

public async handle(input: Operation): Promise<PermissionSet> {
const result = {
read: input.method === 'HEAD' || input.method === 'GET',
append: false,
write: input.method === 'POST' || input.method === 'PUT' || input.method === 'DELETE',
};
result.append = result.write;
return result;
}
}
22 changes: 0 additions & 22 deletions src/ldp/permissions/SimplePermissionsExtractor.ts
View file

This file was deleted.

58 changes: 58 additions & 0 deletions src/ldp/permissions/SparqlPatchPermissionsExtractor.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
import { Algebra } from 'sparqlalgebrajs';
import { Operation } from '../operations/Operation';
import { PermissionSet } from './PermissionSet';
import { PermissionsExtractor } from './PermissionsExtractor';
import { Representation } from '../representation/Representation';
import { SparqlUpdatePatch } from '../http/SparqlUpdatePatch';
import { UnsupportedHttpError } from '../../util/errors/UnsupportedHttpError';

/**
* Generates permissions for a SPARQL DELETE/INSERT PATCH.
* Updates with only an INSERT can be done with just append permissions,
* while DELETEs require write permissions as well.
*/
export class SparqlPatchPermissionsExtractor extends PermissionsExtractor {
public async canHandle(input: Operation): Promise<void> {
if (input.method !== 'PATCH') {
throw new UnsupportedHttpError('Only PATCH operations are supported.');
}
if (!input.body) {
throw new UnsupportedHttpError('PATCH body is required to determine permissions.');
}
if (!this.isSparql(input.body)) {
throw new UnsupportedHttpError('Only SPARQL update PATCHes are supported.');
}
if (!this.isDeleteInsert(input.body.algebra)) {
throw new UnsupportedHttpError('Only DELETE/INSERT SPARQL update operations are supported.');
}
}

public async handle(input: Operation): Promise<PermissionSet> {
if (!input.body || !this.isSparql(input.body) || !this.isDeleteInsert(input.body.algebra)) {
throw new UnsupportedHttpError('A SPARQL DELETE/INSERT body is required.');
}
const result = {
read: false,
append: this.needsAppend(input.body.algebra),
write: this.needsWrite(input.body.algebra),
};
result.append = result.append || result.write;
return result;
}

private isSparql(data: Representation): data is SparqlUpdatePatch {
return Boolean((data as SparqlUpdatePatch).algebra);
}

private isDeleteInsert(op: Algebra.Operation): op is Algebra.DeleteInsert {
return op.type === Algebra.types.DELETE_INSERT;
}

private needsAppend(update: Algebra.DeleteInsert): boolean {
return Boolean(update.insert && update.insert.length > 0);
}

private needsWrite(update: Algebra.DeleteInsert): boolean {
return Boolean(update.delete && update.delete.length > 0);
}
}
10 changes: 7 additions & 3 deletions test/integration/AuthenticatedLdpHandler.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import { AcceptPreferenceParser } from '../../src/ldp/http/AcceptPreferenceParser';
import { AuthenticatedLdpHandler } from '../../src/ldp/AuthenticatedLdpHandler';
import { BasePermissionsExtractor } from '../../src/ldp/permissions/BasePermissionsExtractor';
import { BodyParser } from '../../src/ldp/http/BodyParser';
import { call } from '../util/Util';
import { CompositeAsyncHandler } from '../../src/util/CompositeAsyncHandler';
Expand All @@ -17,7 +18,6 @@ import { SimpleCredentialsExtractor } from '../../src/authentication/SimpleCrede
import { SimpleDeleteOperationHandler } from '../../src/ldp/operations/SimpleDeleteOperationHandler';
import { SimpleGetOperationHandler } from '../../src/ldp/operations/SimpleGetOperationHandler';
import { SimplePatchOperationHandler } from '../../src/ldp/operations/SimplePatchOperationHandler';
import { SimplePermissionsExtractor } from '../../src/ldp/permissions/SimplePermissionsExtractor';
import { SimplePostOperationHandler } from '../../src/ldp/operations/SimplePostOperationHandler';
import { SimpleRequestParser } from '../../src/ldp/http/SimpleRequestParser';
import { SimpleResourceStore } from '../../src/storage/SimpleResourceStore';
Expand All @@ -27,6 +27,7 @@ import { SimpleSparqlUpdatePatchHandler } from '../../src/storage/patch/SimpleSp
import { SimpleTargetExtractor } from '../../src/ldp/http/SimpleTargetExtractor';
import { SimpleTurtleQuadConverter } from '../../src/storage/conversion/SimpleTurtleQuadConverter';
import { SingleThreadedResourceLocker } from '../../src/storage/SingleThreadedResourceLocker';
import { SparqlPatchPermissionsExtractor } from '../../src/ldp/permissions/SparqlPatchPermissionsExtractor';
import { namedNode, quad } from '@rdfjs/data-model';
import * as url from 'url';

Expand All @@ -39,7 +40,7 @@ describe('An integrated AuthenticatedLdpHandler', (): void => {
});

const credentialsExtractor = new SimpleCredentialsExtractor();
const permissionsExtractor = new SimplePermissionsExtractor();
const permissionsExtractor = new BasePermissionsExtractor();
const authorizer = new SimpleAuthorizer();

const store = new SimpleResourceStore('http://test.com/');
Expand Down Expand Up @@ -107,7 +108,10 @@ describe('An integrated AuthenticatedLdpHandler', (): void => {
});

const credentialsExtractor = new SimpleCredentialsExtractor();
const permissionsExtractor = new SimplePermissionsExtractor();
const permissionsExtractor = new CompositeAsyncHandler([
new BasePermissionsExtractor(),
new SparqlPatchPermissionsExtractor(),
]);
const authorizer = new SimpleAuthorizer();

const store = new SimpleResourceStore('http://test.com/');
Expand Down
4 changes: 2 additions & 2 deletions test/integration/Authorization.test.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import { AcceptPreferenceParser } from '../../src/ldp/http/AcceptPreferenceParser';
import { AuthenticatedLdpHandler } from '../../src/ldp/AuthenticatedLdpHandler';
import { BasePermissionsExtractor } from '../../src/ldp/permissions/BasePermissionsExtractor';
import { BodyParser } from '../../src/ldp/http/BodyParser';
import { call } from '../util/Util';
import { CompositeAsyncHandler } from '../../src/util/CompositeAsyncHandler';
Expand All @@ -16,7 +17,6 @@ import { SimpleCredentialsExtractor } from '../../src/authentication/SimpleCrede
import { SimpleDeleteOperationHandler } from '../../src/ldp/operations/SimpleDeleteOperationHandler';
import { SimpleExtensionAclManager } from '../../src/authorization/SimpleExtensionAclManager';
import { SimpleGetOperationHandler } from '../../src/ldp/operations/SimpleGetOperationHandler';
import { SimplePermissionsExtractor } from '../../src/ldp/permissions/SimplePermissionsExtractor';
import { SimplePostOperationHandler } from '../../src/ldp/operations/SimplePostOperationHandler';
import { SimplePutOperationHandler } from '../../src/ldp/operations/SimplePutOperationHandler';
import { SimpleRequestParser } from '../../src/ldp/http/SimpleRequestParser';
Expand Down Expand Up @@ -84,7 +84,7 @@ describe('A server with authorization', (): void => {
const convertingStore = new RepresentationConvertingStore(store, converter);

const credentialsExtractor = new SimpleCredentialsExtractor();
const permissionsExtractor = new SimplePermissionsExtractor();
const permissionsExtractor = new BasePermissionsExtractor();
const authorizer = new SimpleAclAuthorizer(
new SimpleExtensionAclManager(),
new UrlContainerManager('http://test.com/'),
Expand Down
56 changes: 56 additions & 0 deletions test/unit/ldp/permissions/BasePermissionsExtractor.test.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
import { BasePermissionsExtractor } from '../../../../src/ldp/permissions/BasePermissionsExtractor';
import { Operation } from '../../../../src/ldp/operations/Operation';
import { UnsupportedHttpError } from '../../../../src/util/errors/UnsupportedHttpError';

describe('A BasePermissionsExtractor', (): void => {
const extractor = new BasePermissionsExtractor();

it('can handle HEAD/GET/POST/PUT/DELETE.', async(): Promise<void> => {
await expect(extractor.canHandle({ method: 'HEAD' } as Operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ method: 'GET' } as Operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ method: 'POST' } as Operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ method: 'PUT' } as Operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ method: 'DELETE' } as Operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ method: 'PATCH' } as Operation)).rejects.toThrow(UnsupportedHttpError);
});

it('requires read for HEAD operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'HEAD' } as Operation)).resolves.toEqual({
read: true,
append: false,
write: false,
});
});

it('requires read for GET operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'GET' } as Operation)).resolves.toEqual({
read: true,
append: false,
write: false,
});
});

it('requires write for POST operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'POST' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: true,
});
});

it('requires write for PUT operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'PUT' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: true,
});
});

it('requires write for DELETE operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'DELETE' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: true,
});
});
});
42 changes: 0 additions & 42 deletions test/unit/ldp/permissions/SimplePermissionsExtractor.test.ts
View file

This file was deleted.

62 changes: 62 additions & 0 deletions test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
import { Factory } from 'sparqlalgebrajs';
import { Operation } from '../../../../src/ldp/operations/Operation';
import { SparqlPatchPermissionsExtractor } from '../../../../src/ldp/permissions/SparqlPatchPermissionsExtractor';
import { SparqlUpdatePatch } from '../../../../src/ldp/http/SparqlUpdatePatch';
import { UnsupportedHttpError } from '../../../../src/util/errors/UnsupportedHttpError';

describe('A SparqlPatchPermissionsExtractor', (): void => {
const extractor = new SparqlPatchPermissionsExtractor();
const factory = new Factory();

it('can only handle SPARQL DELETE/INSERT PATCH operations.', async(): Promise<void> => {
const operation = { method: 'PATCH', body: { algebra: factory.createDeleteInsert() }} as unknown as Operation;
await expect(extractor.canHandle(operation)).resolves.toBeUndefined();
await expect(extractor.canHandle({ ...operation, method: 'GET' }))
.rejects.toThrow(new UnsupportedHttpError('Only PATCH operations are supported.'));
await expect(extractor.canHandle({ ...operation, body: undefined }))
.rejects.toThrow(new UnsupportedHttpError('PATCH body is required to determine permissions.'));
await expect(extractor.canHandle({ ...operation, body: {} as SparqlUpdatePatch }))
.rejects.toThrow(new UnsupportedHttpError('Only SPARQL update PATCHes are supported.'));
await expect(extractor.canHandle({ ...operation,
body: { algebra: factory.createMove('DEFAULT', 'DEFAULT') } as unknown as SparqlUpdatePatch }))
.rejects.toThrow(new UnsupportedHttpError('Only DELETE/INSERT SPARQL update operations are supported.'));
});

it('errors if input for the handle function is missing.', async(): Promise<void> => {
const operation = { method: 'PATCH', body: { algebra: factory.createDeleteInsert() }} as unknown as Operation;
await expect(extractor.handle({ ...operation, body: undefined })).rejects.toThrow(UnsupportedHttpError);
await expect(extractor.handle({ ...operation, body: {} as SparqlUpdatePatch }))
.rejects.toThrow(UnsupportedHttpError);
await expect(extractor.handle({ ...operation,
body: { algebra: factory.createMove('DEFAULT', 'DEFAULT') } as unknown as SparqlUpdatePatch }))
.rejects.toThrow(UnsupportedHttpError);
});

it('requires append for INSERT operations.', async(): Promise<void> => {
const operation = {
method: 'PATCH',
body: { algebra: factory.createDeleteInsert(undefined, [
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: false,
});
});

it('requires write for DELETE operations.', async(): Promise<void> => {
const operation = {
method: 'PATCH',
body: { algebra: factory.createDeleteInsert([
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: true,
});
});
});

0 comments on commit a116c41

Please sign in to comment.