
Commit ea9da9b

authored
Merge pull request #1676 from rocket-admin/backend_ceadr_as_default
refactor: simplify policy reference validation and enable feature flag
2 parents 7b3bbe9 + ecf7432 commit ea9da9b

1 file changed

Lines changed: 16 additions & 21 deletions


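--- a/backend/src/entities/cedar-authorization/cedar-authorization.service.ts
+++ b/backend/src/entities/cedar-authorization/cedar-authorization.service.ts
@@ -37,7 +37,8 @@ export class CedarAuthorizationService implements ICedarAuthorizationService, On
 }
 
 isFeatureEnabled(): boolean {
-return process.env.CEDAR_AUTHORIZATION_ENABLED === 'true';
+// return process.env.CEDAR_AUTHORIZATION_ENABLED === 'true';
+return true;
 }
 
 async validate(request: CedarValidationRequest): Promise<boolean> {
@@ -265,13 +266,10 @@ export class CedarAuthorizationService implements ICedarAuthorizationService, On
 }
 }
 
-private async validatePolicyReferences(
-cedarPolicy: string,
-connectionId: string,
-): Promise<void> {
-const connectionIds = [
-...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Connection::"([^"]+)"/g),
-].map((m) => m[1]);
+private async validatePolicyReferences(cedarPolicy: string, connectionId: string): Promise<void> {
+const connectionIds = [...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Connection::"([^"]+)"/g)].map(
+(m) => m[1],
+);
 
 for (const refConnectionId of connectionIds) {
 if (refConnectionId !== connectionId) {
@@ -282,27 +280,24 @@ export class CedarAuthorizationService implements ICedarAuthorizationService, On
 }
 }
 
-const groupResourceIds = [
-...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Group::"([^"]+)"/g),
-].map((m) => m[1]);
+const groupResourceIds = [...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Group::"([^"]+)"/g)].map(
+(m) => m[1],
+);
 
 if (groupResourceIds.length > 0) {
 const connectionGroups = await this.globalDbContext.groupRepository.findAllGroupsInConnection(connectionId);
 const connectionGroupIds = new Set(connectionGroups.map((g) => g.id));
 
 for (const refGroupId of groupResourceIds) {
 if (!connectionGroupIds.has(refGroupId)) {
-throw new HttpException(
-{ message: Messages.CEDAR_POLICY_REFERENCES_FOREIGN_GROUP },
-HttpStatus.BAD_REQUEST,
-);
+throw new HttpException({ message: Messages.CEDAR_POLICY_REFERENCES_FOREIGN_GROUP }, HttpStatus.BAD_REQUEST);
 }
 }
 }
 
-const tableResourceIds = [
-...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Table::"([^"]+)"/g),
-].map((m) => m[1]);
+const tableResourceIds = [...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Table::"([^"]+)"/g)].map(
+(m) => m[1],
+);
 
 for (const tableRef of tableResourceIds) {
 if (!tableRef.startsWith(`${connectionId}/`)) {
@@ -313,9 +308,9 @@ export class CedarAuthorizationService implements ICedarAuthorizationService, On
 }
 }
 
-const dashboardResourceIds = [
-...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Dashboard::"([^"]+)"/g),
-].map((m) => m[1]);
+const dashboardResourceIds = [...cedarPolicy.matchAll(/resource\s*==\s*RocketAdmin::Dashboard::"([^"]+)"/g)].map(
+(m) => m[1],
+);
 
 for (const dashboardRef of dashboardResourceIds) {
 if (!dashboardRef.startsWith(`${connectionId}/`)) {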
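Review bot: `isFeatureEnabled()` in the first hunk now returns `true` unconditionally and keeps the old environment check only as a comment, so a deployment that sets `CEDAR_AUTHORIZATION_ENABLED=false` is silently ignored and the Cedar path can no longer be switched off without a code change. If the intent is on-by-default, keep an explicit opt-out and drop the commented-out line: `return process.env.CEDAR_AUTHORIZATION_ENABLED !== 'false';`. Since more requests will presumably depend on stored policies once the flag is always on, note also that the patterns in `validatePolicyReferences` (its body continues outside these hunks) recognise only the literal `resource == RocketAdmin::<Type>::"id"` form. A comment above that function should state where policies that scope the resource in any other way are rejected or checked, if that happens elsewhere.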
