set versions of agile-idm-core to use pdp.

david · david · commit 053847293e66 · 2016-12-14T14:37:54.000+01:00
and also set version of agile-idm-entity
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+*policies.json
 *node_modules*
 *.svn*
 *~
diff --git a/conf/agile-idm-core-conf.js b/conf/agile-idm-core-conf.js
@@ -1,53 +1,122 @@
 //{"target":{"type":"user"},"locks":[{"path":"hasId","args":["$owner"]}]
 module.exports = {
   "storage": {
-    "dbName": "./database_"
+    "dbName": "database_"
   },
-  "top_level_policy": {
-    "policy": [
-      /*
-      always I have entity_id and entity_type available (both are the pk)
-      user:{
-        entity_id,
-        entity_type,
-        user_name,
-        auth_type,
-        role,
-        *may have password
+  "policies": {
+    "dbName": "./policies.json",
+    "create_entity_policy": [
+      // actions of an actor are not restricted a priori
+      {
+        target: {
+          type: "any"
+        }
+      }, {
+        source: {
+          type: "any"
+        }
       }
-      for all attributes:
-        only owner can write
-        everyone can read
-      */
-    ]
-  },
-  "attribute_level_policies": {
-    "user": {
-      "password": {
-        "policy": [
-          // only user with id === $owner can read
-          // users with attribute role === admin can write, and user with id === $owner can write too.
-        ]
+    ],
+    "top_level_policy": [
+      // all properties can be read by everyone
+      {
+        target: {
+          type: "any"
+        }
       },
-      "role": {
-        "policy": [
-          // only users with attribute role === admin can write to role
-          // everyone can read
-        ],
+      // all properties can only be changed by the owner of the entity
+      {
+        source: {
+          type: "user"
+        },
+        locks: [{
+          lock: "isOwner"
+        }]
+      }, {
+        source: {
+          type: "user"
+        },
+        locks: [{
+          lock: "attrEq",
+          args: ["role", "admin"]
+        }]
       }
-    },
-    "sensor": {
-      "credentials": {
-        "policy": [
-          // only user with id === $owner can read
-          // only user with id === $owner can write
+    ],
+    "attribute_level_policies": {
+      "user": {
+        "password": [
+          // the property can only be read by the user itself
+          {
+            target: {
+              type: "user"
+            },
+            locks: [{
+              lock: "isOwner"
+            }]
+          },
+          // the property can be set by the user itself and
+          {
+            source: {
+              type: "user"
+            },
+            locks: [{
+              lock: "isOwner"
+            }]
+          },
+          // by all users with role admin
+          {
+            source: {
+              type: "user"
+            },
+            locks: [{
+              lock: "attrEq",
+              args: ["role", "admin"]
+            }]
+          }
         ],
-        "rule": {
-          "replace": "owner"
-        }
+        "role": [
+          // can be read by everyone
+          {
+            target: {
+              type: "any"
+            }
+          },
+          // can only be changed by users with role admin
+          {
+            source: {
+              type: "user"
+            },
+            locks: [{
+              lock: "attrEq",
+              args: ["role", "admin"]
+            }]
+          }
+        ]
+      },
+      "sensor": {
+        "credentials": [
+          // the property can only be read by the user itself
+          {
+            target: {
+              type: "user"
+            },
+            locks: [{
+              lock: "isOwner"
+            }]
+          },
+          // the property can be set by the user itself and
+          {
+            source: {
+              type: "user"
+            },
+            locks: [{
+              lock: "isOwner"
+            }]
+          }
+        ]
       }
-    }
 
+    }
   },
   "schema-validation": [{
     "id": "/sensor",
@@ -84,6 +153,9 @@ module.exports = {
       },
       "password": {
         "type": "string"
+      },
+      "role":{
+        "type":"string"
       }
     },
     "required": ["user_name", "auth_type"]
diff --git a/package.json b/package.json
@@ -8,8 +8,8 @@
     "test": "tests"
   },
   "dependencies": {
-    "agile-idm-core": "git+https://github.com/Agile-IoT/agile-idm-core",
-    "agile-idm-entity-storage": "git+https://github.com/Agile-IoT/agile-idm-entity-storage",
+    "agile-idm-core": "git+https://github.com/Agile-IoT/agile-idm-core#v1.0.0",
+    "agile-idm-entity-storage": "git+https://github.com/Agile-IoT/agile-idm-entity-storage#v1.0.0",
     "body-parser": "1.x",
     "clone": "1.0.2",
     "command-line-args": "^3.0.3",
diff --git a/scripts/createUser.js b/scripts/createUser.js
@@ -1,12 +1,12 @@
 var commandLineArgs = require('command-line-args');
 var getUsage = require('command-line-usage');
-var Storage = require('agile-idm-entity-storage').Storage;
 var ids = require('../lib/util/id');
+var IdmCore = require('agile-idm-core');
 
 /*
 Examples of usage:
   To create a local user wit username bob and password secret:
-  node createUser.js --username=bob --password=secret  --auth=agile-local
+  node createUser.js --username=bob --password=secret  --auth=agile-local --role=admin
   To create a user wit username abc that will authenticate using github:
   node createUser.js --username=abc --auth=github
   node createUser.js --username=dp --auth=pam
@@ -15,8 +15,8 @@ Examples of usage:
 
 */
 var sections = [{
-  header: 'AGILE IDM User Setup Script',
-  content: 'Creates  [italic]{users} which are administrators for IDM. This script is meant to be used during bootstrap of AGILE IDM'
+  header: 'AGILE IDM User Setup Script (FOR ADMIN USERS MAINLY!!)',
+  content: ' Creates  [italic]{users} which are administrators for IDM. This script is meant to be used during bootstrap of AGILE IDM [undeline]{Be careful when using this script. It bypasses security checks (to enable the creation of the first user) It is meant to create only admin users. Afterwards admin users can create other users}'
 }, {
   header: 'User info',
   optionList: [{
@@ -34,15 +34,22 @@ var sections = [{
       alias: 'p',
       typeLabel: '[underline]{String}',
       description: 'This argument is the password used for the user, and it MUST be passed when  auth is "agile-local".'
+    },
+    {
+      name: 'role (optional)',
+      alias: 'r',
+      typeLabel: '[underline]{String}',
+      description: 'This argument specifies the role of the user, by default this is set to admin".'
     }
 
+
   ]
 }, {
   header: "Configuration info (optional)",
   optionList: [{
     name: "config",
     alias: "c",
-    description: "location of the database. By default '../database_' executed relative to this script's path is used"
+    description: "location of the agile-idm-core configuration file. By default it takes the value from the configuration file in ../conf/agile-idm-core-conf.js, which should be '../database_' normally. This path is interpreted as relative to the parent folder"
   }]
 }, {
   header: "Help",
@@ -73,35 +80,111 @@ var optionDefinitions = [{
   name: 'help',
   alias: 'h',
   type: String
-}, ];
+},
+{
+  name: 'role',
+  alias: 'r',
+  type: String
+} ];
+
+
+var pepMockOk = {
+  declassify: function (userInfo, entityInfo) {
+    return new Promise(function (resolve, reject) {
+      resolve(entityInfo);
+    });
+  },
+  declassifyArray: function (userInfo, array) {
+    return new Promise(function (resolve, reject) {
+      resolve(array);
+    });
+  }
+};
+
+var PdpMockOk = {
+  canRead: function (userInfo, entityInfo) {
+    return new Promise(function (resolve, reject) {
+      resolve(entityInfo);
+    });
+  },
+  canDelete: function (userInfo, entityInfo) {
+    return new Promise(function (resolve, reject) {
+      resolve(entityInfo);
+    });
+  },
+  canReadArray: function (userInfo, entities) {
+    return new Promise(function (resolve, reject) {
+      //console.log('resolving with entities '+JSON.stringify(entities));
+      resolve(entities);
+    });
+  },
+  canWriteToAttribute: function (userInfo, entities, attributeName, attributeValue) {
+    return new Promise(function (resolve, reject) {
+      //console.log('resolving with entities '+JSON.stringify(entities));
+      resolve();
+    });
+  },
+  canUpdate: function (userInfo, entityInfo) {
+    return new Promise(function (resolve, reject) {
+      //console.log('resolving with entities '+JSON.stringify(entities));
+      resolve(entityInfo);
+    });
+  },
+  canWriteToAllAttributes: function (userInfo, entityInfo) {
+    return new Promise(function (resolve, reject) {
+      //console.log('resolving with entities '+JSON.stringify(entities));
+      resolve();
+    });
+  }
+
+};
+
+var admin = {
+  "id":"root!@!agile-local",
+  "type":"user",
+  "user_name": "root",
+  "auth_type": "agile-local",
+  "password": "secret",
+  "role": "admin",
+  "owner": "root!@!agile-local"
+};
 
 function help(err) {
   if (err)
     console.log(err);
   console.log(getUsage(sections));
 }
 var args;
-var config;
-
+var conf;
 var entity_type = "/user";
-var db_location = {
-  "storage": {
-    "dbName": "../database_"
-  }
-};
+
 try {
   args = commandLineArgs(optionDefinitions);
   if (args.hasOwnProperty("help"))
     help();
   else {
+    if(args.config){
+        conf = require(args.config);
+    }
+    else{
+      conf = require('../conf/agile-idm-core-conf');
+
+    }
+    //hack to execute relative to the upper directory
+    if(conf.storage.dbName.indexOf("/")!=0){
+      conf.storage.dbName = "../"+conf.storage.dbName;
+    }
+
+    if(conf.policies.dbName.indexOf("/")!=0){
+      conf.policies.dbName = "../"+conf.policies.dbName;
+    }
+
     if (args.auth === "agile-local" && !args.password)
       return help(new Error("When local authentication is used a password is required!"));
 
     if (args.username && args.auth) {
-      if (args.config)
-        db_location.storage.dbName = args.config;
 
-      var storage = new Storage(db_location);
+
       var user_id = ids.buildId(args.username, args.auth);
       var storage_id = {
         id: user_id,
@@ -113,10 +196,22 @@ try {
         auth_type: args.auth
 
       }
+      if(args.role){
+        user.role =args.role;
+      }
       if (args.password) {
         user.password = args.password;
       }
-      storage.createEntity(user_id, entity_type, user_id, user).then(function (result) {
+      var idmcore = new IdmCore(conf);
+      idmcore.setMocks(null, null, PdpMockOk, null, pepMockOk);
+      console.log(JSON.stringify(admin))
+      console.log(JSON.stringify(user_id))
+      console.log(JSON.stringify(entity_type))
+      console.log(JSON.stringify(user_id))
+      console.log(JSON.stringify(admin))
+      console.log(JSON.stringify(admin))
+      idmcore.createEntityAndSetOwner(admin, user_id, entity_type, user, user_id).then(function(result){
+
         console.log("SUCCESS: User created " + JSON.stringify(result));
       }, function fail(err) {
         console.warn("FAILURE: User cannot be created " + err);

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+*policies.json`
`1`	`2`	`node_modules`
`2`	`3`	`.svn`
`3`	`4`	`*~`