Skip to content

Commit b81b933

Browse files
john-h-kastner-awsjohn-h-kastner-aws
authored
Fix bug in query_principal; add some more tests (#1870)
Signed-off-by: John Kastner <[email protected]>
1 parent 703084f commit b81b933

File tree

2 files changed

+363
-67
lines changed

2 files changed

+363
-67
lines changed

cedar-policy/src/api.rs

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5036,7 +5036,7 @@ pub use tpe::*;
50365036
mod tpe {
50375037
use std::collections::{HashMap, HashSet};
50385038

5039-
use cedar_policy_core::ast;
5039+
use cedar_policy_core::ast::{self, PartialValueToValueError};
50405040
use cedar_policy_core::authorizer::Decision;
50415041
use cedar_policy_core::batched_evaluator::is_authorized_batched;
50425042
use cedar_policy_core::batched_evaluator::{
@@ -5058,7 +5058,7 @@ mod tpe {
50585058
RequestValidationError, RestrictedExpression, Schema, TPEReauthorizationError,
50595059
};
50605060

5061-
/// A partial [`EntityUid`]
5061+
/// A partial [`EntityUid`].
50625062
/// That is, its [`EntityId`] could be unknown
50635063
#[repr(transparent)]
50645064
#[derive(Debug, Clone, RefCast)]
@@ -5072,6 +5072,12 @@ mod tpe {
50725072
eid: id.map(|id| <EntityId as AsRef<ast::Eid>>::as_ref(&id).clone()),
50735073
})
50745074
}
5075+
5076+
/// Construct a [`PartialEntityUid`] from a concrete [`EntityUid`].
5077+
pub fn from_concrete(euid: EntityUid) -> Self {
5078+
let (ty, eid) = euid.0.components();
5079+
Self(tpe::request::PartialEntityUID { ty, eid: Some(eid) })
5080+
}
50755081
}
50765082

50775083
/// A partial [`Request`]
@@ -5225,6 +5231,11 @@ mod tpe {
52255231
) -> Result<Self, tpe_err::EntitiesError> {
52265232
tpe::entities::PartialEntities::from_json_value(value, &schema.0).map(Self)
52275233
}
5234+
5235+
/// Construct `[PartialEntities]` given a fully concrete `[Entities]`
5236+
pub fn from_concrete(entities: Entities) -> Result<Self, PartialValueToValueError> {
5237+
tpe::entities::PartialEntities::try_from(entities.0).map(Self)
5238+
}
52285239
}
52295240

52305241
/// A partial version of [`crate::Response`].
@@ -5447,7 +5458,7 @@ mod tpe {
54475458
Some(Decision::Allow) => Ok(entities
54485459
.iter()
54495460
.filter(|entity| {
5450-
entity.0.uid().entity_type() == &request.0 .0.get_resource_type()
5461+
entity.0.uid().entity_type() == &request.0 .0.get_principal_type()
54515462
})
54525463
.map(super::Entity::uid)
54535464
.collect_vec()

0 commit comments

Comments
 (0)