Unverified Commit 44f4c5a6 authored by G33tha's avatar G33tha Committed by GitHub

Merge pull request #3345 from keshavprasadms/release-4.9.0

fix: SB-29996 tnc api check rewrite to handle different scenarios
Showing with 160 additions and 4 deletions
+160 -4
......@@ -30,32 +30,85 @@ urls_to_action_mapping := {
"/v2/org/preferences/update": "updateTenantPreferences"
}
# Tnc API policy updates to handle different scenarios as explained below
# When some or all payloads are missing:
# 1. Missing userid and tnc type
# 2. Missing tnc type
# 3. Missing userid and tnc type not as orgAdminTnc / reportViewerTnc
# 4. Missing userid but tnc type as orgAdminTnc / reportViewerTnc
# When all payloads are present:
# 5. Both userid, tnc type present and tnc type not as orgAdminTnc / reportViewerTnc
# 6. Both userid, tnc type present and tnc type as orgAdminTnc / reportViewerTnc
# Issue identified as part of -
# - https://project-sunbird.atlassian.net/browse/SB-29723
# - https://project-sunbird.atlassian.net/browse/SB-29996
# Point #1
acceptTermsAndCondition {
super.public_role_check
not input.parsed_body.request.userId
not input.parsed_body.request.tncType
}
# Point #2
acceptTermsAndCondition {
super.public_role_check
input.parsed_body.request.userId == super.userid
not input.parsed_body.request.tncType
}
# Point #3
acceptTermsAndCondition {
super.public_role_check
not input.parsed_body.request.userId
not input.parsed_body.request.tncType in ["orgAdminTnc", "reportViewerTnc"]
}
# Point #4 - As orgAdminTnc
acceptTermsAndCondition {
acls := ["acceptTnc"]
roles := ["ORG_ADMIN"]
super.acls_check(acls)
super.role_check(roles)
not input.parsed_body.request.userId
"orgAdminTnc" == input.parsed_body.request.tncType
}
# Point #4 - As reportViewerTnc
acceptTermsAndCondition {
acls := ["acceptTnc"]
roles := ["REPORT_VIEWER", "REPORT_ADMIN"]
super.acls_check(acls)
super.role_check(roles)
not input.parsed_body.request.userId
"reportViewerTnc" == input.parsed_body.request.tncType
}
# Point #5
acceptTermsAndCondition {
super.public_role_check
input.parsed_body.request.userId == super.userid
not input.parsed_body.request.tncType in ["orgAdminTnc", "reportViewerTnc"]
}
# Optional request.userId - https://project-sunbird.atlassian.net/browse/SB-29723
# Point #6 - As orgAdminTnc
acceptTermsAndCondition {
super.public_role_check
not input.parsed_body.request.tncType
not input.parsed_body.request.userId
acls := ["acceptTnc"]
roles := ["ORG_ADMIN"]
super.acls_check(acls)
super.role_check(roles)
input.parsed_body.request.userId == super.userid
"orgAdminTnc" == input.parsed_body.request.tncType
}
# Point #6 - As reportViewerTnc
acceptTermsAndCondition {
acls := ["acceptTnc"]
roles := ["REPORT_VIEWER", "REPORT_ADMIN"]
super.acls_check(acls)
super.role_check(roles)
input.parsed_body.request.userId == super.userid
"reportViewerTnc" == input.parsed_body.request.tncType
}
updateUser {
......
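Review bot: Points #3 and #5 send every `tncType` that is not an exact, case-sensitive match for `orgAdminTnc` or `reportViewerTnc` down the `super.public_role_check` path, so the ACL and role checks in Points #4 and #6 only protect those two types if the backend compares the value in exactly the same way. A value the service would normalise (different case, surrounding whitespace) or a non-string such as `false`, which also satisfies `not input.parsed_body.request.tncType` in Points #1 and #2, would be authorised as a plain public request; this is inferred from the visible rules, so please confirm how the tnc service interprets the field. I would declare the set once, for example `privileged_tnc_types := {"orgAdminTnc", "reportViewerTnc"}`, use it in both public rules instead of the repeated array literal, and add `is_string(input.parsed_body.request.tncType)` to Points #3 and #5 so that only a well-formed, non-privileged type takes the public path. The `in` operator on those lines needs `import future.keywords.in` on older OPA releases, and that import is not visible in this hunk. The rendered page has lost the `+`/`-` markers, so the contradictory `not ...userId` / `userId == super.userid` pair inside the first Point #6 rule is presumably old and new lines printed together; if both are really in the new file, that rule can never match.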
......@@ -32,6 +32,32 @@ test_accept_terms_and_conditions_as_org_admin {
}
}
test_accept_terms_and_conditions_as_org_admin_with_userid {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
with input as
{
"attributes": {
"request": {
"http": {
"headers": {
"x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.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.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
},
"path": "/v1/user/tnc/accept"
}
}
},
"parsed_body": {
"request": {
"userId": "28b0d08f-c2ea-40d1-bcd0-8ae00fca66be",
"tncType": "orgAdminTnc",
"version": "4.7.0"
}
}
}
}
test_accept_terms_and_conditions_as_report_viewer {
data.main.allow.allowed
with data.common.current_time as current_time
......@@ -57,6 +83,32 @@ test_accept_terms_and_conditions_as_report_viewer {
}
}
test_accept_terms_and_conditions_as_report_viewer_with_userid {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
with input as
{
"attributes": {
"request": {
"http": {
"headers": {
"x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.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.B3-TSdYSOlawPHjFdiRjXwvRbYQ_eH_HTiLKlH7vGS0rCOJ6HQbYyWOhZ7vbZPb3virkuyfhykFcYCEHBCkHY-fwGAeU58Pmhi0dnNJkR59Fa9y_75W98JXZW68HROp62ntEAKCA1oot_U4tYi-8UNoR17Gszj9iYzFEBc6TZA4Lrom_9gqhBOYzL0ISFWSS6oG94EaaKDYHyWzCSjU2nYRB_fn-tODmnVJ12GRJAc1oM9y54o8neNYsl4T_xPyD34v-CinUJM8jzDjFqK5_O3HnAbcmXvkZjFRgfk4mF1V4s5hlsTJGyhi2JOPh90C5N-HbAY8QsPBnzgYFQU_sww"
},
"path": "/v1/user/tnc/accept"
}
}
},
"parsed_body": {
"request": {
"userId": "28b0d08f-c2ea-40d1-bcd0-8ae00fca66be",
"tncType": "reportViewerTnc",
"version": "4.7.0"
}
}
}
}
test_accept_terms_and_conditions_as_public_user {
data.main.allow.allowed
with data.common.current_time as current_time
......@@ -106,6 +158,57 @@ test_accept_terms_and_conditions_as_public_user_without_userid {
}
}
test_accept_terms_and_conditions_as_public_user_without_userid_other_tnc_types {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
with input as
{
"attributes": {
"request": {
"http": {
"headers": {
"x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiUFVCTElDIiwic2NvcGUiOltdfV0sImlzcyI6Imh0dHBzOi8vc3VuYmlyZGVkLm9yZy9hdXRoL3JlYWxtcy9zdW5iaXJkIiwibmFtZSI6ImRlbW8iLCJ0eXAiOiJCZWFyZXIiLCJleHAiOjE2NDAyMzYxMDIsImlhdCI6MTY0MDE0OTcwNX0.iyFqdJG_9xF07S94bkfVDiWHmDWAmhCEmapu37Mto78s5OkOJQy-agXFjtQtgV5rFudHiVRukNpKXqlJ8GhasmW7fSEPL-fDKMilMIi4JCZi7d19AkFeq8mX0rI31m3zjCv-TcMPPWWNM4udR7kSj-tUOB-vupGZ1iRAtQU2lqrUCl1A84UYDqnJTokz6RVlr_Z4lRCzFn__aGsDZXO8h7juM4mAepVMy3wVhmbKR2R5WF5xQIvVjzEveRYj8P26VUg73wo_RtyRI5mQjbxyBaIX287pWe3kCu1KKwYQkBlRLx9da39g9TKZWXxD5ArCYMC83EmEeFI0LJicYDTXFg"
},
"path": "/v1/user/tnc/accept"
}
}
},
"parsed_body": {
"request": {
"version": "v8",
"tncType": "groupsTnc"
}
}
}
}
test_accept_terms_and_conditions_as_public_user_with_userid_other_tnc_types {
data.main.allow.allowed
with data.common.current_time as current_time
with data.common.iss as iss
with input as
{
"attributes": {
"request": {
"http": {
"headers": {
"x-authenticated-user-token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImFjY2Vzc3YxX2tleTEifQ.eyJhdWQiOiJodHRwczovL3N1bmJpcmRlZC5vcmcvYXV0aC9yZWFsbXMvc3VuYmlyZCIsInN1YiI6ImY6NWJiNmM4N2MtN2M4OC00ZDJiLWFmN2UtNTM0YTJmZWY5NzhkOjI4YjBkMDhmLWMyZWEtNDBkMS1iY2QwLThhZTAwZmNhNjZiZSIsInJvbGVzIjpbeyJyb2xlIjoiUFVCTElDIiwic2NvcGUiOltdfV0sImlzcyI6Imh0dHBzOi8vc3VuYmlyZGVkLm9yZy9hdXRoL3JlYWxtcy9zdW5iaXJkIiwibmFtZSI6ImRlbW8iLCJ0eXAiOiJCZWFyZXIiLCJleHAiOjE2NDAyMzYxMDIsImlhdCI6MTY0MDE0OTcwNX0.iyFqdJG_9xF07S94bkfVDiWHmDWAmhCEmapu37Mto78s5OkOJQy-agXFjtQtgV5rFudHiVRukNpKXqlJ8GhasmW7fSEPL-fDKMilMIi4JCZi7d19AkFeq8mX0rI31m3zjCv-TcMPPWWNM4udR7kSj-tUOB-vupGZ1iRAtQU2lqrUCl1A84UYDqnJTokz6RVlr_Z4lRCzFn__aGsDZXO8h7juM4mAepVMy3wVhmbKR2R5WF5xQIvVjzEveRYj8P26VUg73wo_RtyRI5mQjbxyBaIX287pWe3kCu1KKwYQkBlRLx9da39g9TKZWXxD5ArCYMC83EmEeFI0LJicYDTXFg"
},
"path": "/v1/user/tnc/accept"
}
}
},
"parsed_body": {
"request": {
"userId": "28b0d08f-c2ea-40d1-bcd0-8ae00fca66be",
"version": "v8",
"tncType": "groupsTnc"
}
}
}
}
test_update_user {
data.main.allow.allowed
with data.common.current_time as current_time
......
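Review bot: Every test added in this file asserts `data.main.allow.allowed`, so the deny side of the rewritten `acceptTermsAndCondition` rule set is not pinned by anything visible here. For an authorization rewrite the negative cases are the ones that catch a regression: the PUBLIC-role token with `tncType` set to `orgAdminTnc` or `reportViewerTnc` (with and without `userId`), and a request whose `userId` differs from the token subject. Each can reuse the existing fixtures and assert `not data.main.allow.allowed` with the same `with input as ...` override. A case with a differently cased or non-string `tncType` would also document what the policy is expected to do with malformed input.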