Refactor acl checker to use solid-permissions lib #443
Conversation
package.json
Outdated
| "rimraf": "^2.5.0", | ||
| "run-waterfall": "^1.1.3", | ||
| "solid-namespace": "^0.1.0", | ||
| "solid-permissions": "git://github.com/solid/solid-permissions.git#dz_allows_helpers", |
There was a problem hiding this comment.
Temporary (for this pr review only), until PR solid-contrib/solid-permissions#3 gets merged.
dmitrizagidulin
force-pushed
the
external_permissions_lib
branch
from
4cf58ce to
80e0675
Compare
lib/acl-checker.js
Outdated
| var possibleACLs = ACLChecker.possibleACLs(resource, this.suffix) | ||
| // If this is an ACL, Control mode must be present for any operations | ||
| if (this.isAcl(resource)) { | ||
| if (this.isAcl(resource, this.suffix)) { |
There was a problem hiding this comment.
Can this.suffix not be used directly in this.isAcl?
In the rest of the code this.isAcl doesn't take any second parameter
There was a problem hiding this comment.
Yeah, missed this bit when I was refactoring. Thanks!
| rdf: rdf, | ||
| strictOrigin: this.strictOrigin, | ||
| isAcl: (uri) => { return this.isAcl(uri) }, | ||
| aclUrlFor: (uri) => { return this.aclUrlFor(uri) } |
There was a problem hiding this comment.
at this point, can we not pass the entire ACL instance?
(maybe not)
There was a problem hiding this comment.
We could? I'd rather be explicit, though..
| let aclOptions = { | ||
| aclSuffix: this.suffix, | ||
| graph: graph, | ||
| host: options.host, |
There was a problem hiding this comment.
how is this used?
where is host set and what is this set to?
There was a problem hiding this comment.
host gets set in the allow handler, here.
It's used by the 'enforce strict origin' code in the permissions lib.
dan-f
left a comment
dan-f
left a comment
There was a problem hiding this comment.
A couple requests
- Could you help me with my API questions?
- It looks like you introduced some error handling in
findRule. Could you add tests to cover that error handling?
Looks good other than that!
| } | ||
| return callback(null) | ||
| }) | ||
| .catch(err => { |
There was a problem hiding this comment.
Could you clarify the distinction between a rejected promise and a resolved promise with a falsy value in checkAccess?
There was a problem hiding this comment.
Sure thing. checkAccess() resolves with either a truthy value (which means the user has access), or a falsy value (which means the user does not have access). A rejected promise means an error (parsing error, argument error, network errors, etc).
lib/acl-checker.js
Outdated
| } | ||
|
|
||
| /** | ||
| * @method findRule |
There was a problem hiding this comment.
Awesome JSDoc, but what does this method do?
There was a problem hiding this comment.
Heh, yeah, I s'pose it wouldn't hurt to add an actual description.
| .then(hasAccess => { | ||
| if (hasAccess) { | ||
| debug(`${mode} access permitted to ${user}`) | ||
| return callback() |
There was a problem hiding this comment.
Since this method is called findRule, I think I assumed that the callback function would get passed the access rule/policy for the given user.
There was a problem hiding this comment.
Yeah, now that it's refactored the findRule name doesn't make as much sense. I'll rename it to something like checkAccess.
I don't think there's any additional error handling introduced. The existing test suite should cover the various cases. |
I don't see tests for the "parsing error, argument error, network errors" cases. |
Those belong in the permissions library, though, not here. |
... which I just checked and does not have tests for such cases. |
|
I'm not sure I understand your point. This PR is a net increase in test coverage, in this acl checking code. |
My point is that |
|
@dan-f so I've been looking at this issue (testing the |
|
@dmitrizagidulin the code path I'm thinking of is where the call to |
|
@dan-f Added |
|
Looks awesome, @dmitrizagidulin. Thanks! 👍 |
No description provided.