12 changes: 6 additions & 6 deletions policy/diamond/policy/tiled/tiled.rego
Expand Up @@ -27,13 +27,13 @@ _session := data.diamond.data.proposals[format_int(input.proposal, 10)].sessions

# Returns the session ID if the subject has write permissions for the
# specific beamline, visit and proposal requested in the input.
user_session := to_number(_session) if {
user_session := format_int(_session, 10) if {
session.write_to_beamline_visit
_session
}

# service account check
user_session := to_number(_session) if {
user_session := format_int(_session, 10) if {
input.beamline == token.claims.beamline
input.beamline == session.beamline_for(input.proposal, input.visit)
_session in data.diamond.data.beamlines[input.beamline].sessions
Expand Down Expand Up @@ -81,20 +81,20 @@ user_sessions contains "*" if {
admin.is_admin(token.claims.fedid)
}

user_sessions contains to_number(session) if {
user_sessions contains format_int(session, 10) if {
subject
not admin.is_admin(token.claims.fedid)
some session in subject.sessions
}

user_sessions contains to_number(session) if {
user_sessions contains format_int(session, 10) if {
subject
not admin.is_admin(token.claims.fedid)
some beamline in beamlines
some session in data.diamond.data.beamlines[beamline].sessions
}

user_sessions contains to_number(session) if {
user_sessions contains format_int(session, 10) if {
subject
not admin.is_admin(token.claims.fedid)
some p in subject.proposals
Expand All @@ -103,7 +103,7 @@ user_sessions contains to_number(session) if {
}

# service account check
user_sessions contains to_number(session) if {
user_sessions contains format_int(session, 10) if {
not subject
some session in data.diamond.data.beamlines[token.claims.beamline].sessions
}
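Review bot: `format_int(_session, 10)` and `format_int(session, 10)` accept only numbers, whereas the replaced `to_number` also accepted numeric strings, so the six changed rules in this file now depend on every session ID in `data.diamond.data` being stored as a number. If an entry is a string, the builtin raises a type error, and unless strict builtin errors are enabled OPA treats that as undefined: `user_session` yields no value and `user_sessions` silently omits that session. That fails closed, but it deserves a comment next to `_session`, e.g. `# Session IDs are returned as base-10 strings; the data bundle must hold them as numbers or the rule is undefined.` `format_int` also rounds a fractional number down instead of rejecting it, so integer IDs are better enforced by a schema check on the bundle. The service-account `user_session` rule continues past the end of the first hunk.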
16 changes: 8 additions & 8 deletions policy/diamond/policy/tiled/tiled_test.rego
Expand Up @@ -93,20 +93,20 @@ diamond_data := {
test_user_session_tags if {
tiled.user_sessions == set() with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "oscar"}
tiled.user_sessions == {11, 12} with data.diamond.data as diamond_data
tiled.user_sessions == {"11", "12"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "alice"}
tiled.user_sessions == {11, 12, 13, 14} with data.diamond.data as diamond_data
tiled.user_sessions == {"11", "12", "13", "14"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "bob"}
tiled.user_sessions == {"*"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "carol"}
tiled.user_sessions == {13, 14} with data.diamond.data as diamond_data
tiled.user_sessions == {"13", "14"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "desmond"}
tiled.user_sessions == {13, 14} with data.diamond.data as diamond_data
tiled.user_sessions == {"13", "14"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"fedid": "edna"}
}

test_user_session_allow if {
tiled.user_session == 11 with data.diamond.data as diamond_data
tiled.user_session == "11" with data.diamond.data as diamond_data
with input as {"beamline": "i03", "proposal": 1, "visit": 1}
with data.diamond.policy.token.claims as {"fedid": "carol"}
}
Expand All @@ -132,7 +132,7 @@ test_modify_session if {
# Service account tests

test_user_session_allow_service_account_on_beamline if {
tiled.user_session == 11 with data.diamond.data as diamond_data
tiled.user_session == "11" with data.diamond.data as diamond_data
with input as {"beamline": "i03", "proposal": 1, "visit": 1}
with data.diamond.policy.token.claims as {"beamline": "i03"}
}
Expand Down Expand Up @@ -168,9 +168,9 @@ test_modify_session_on_none_existent_beamline if {
}

test_user_session_tags_service_account if {
tiled.user_sessions == {11} with data.diamond.data as diamond_data
tiled.user_sessions == {"11"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"beamline": "i03"}
tiled.user_sessions == {12, 13, 14} with data.diamond.data as diamond_data
tiled.user_sessions == {"12", "13", "14"} with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"beamline": "b07"}
tiled.user_sessions == set() with data.diamond.data as diamond_data
with data.diamond.policy.token.claims as {"beamline": "b007"}
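Review bot: The updated expectations only cover integer session IDs, so no test pins what `user_session` and `user_sessions` return when a session value in the data is a string or a non-integer number, which is where `format_int` differs from the old `to_number`. An extra case that overrides `data.diamond.data` with such a value and asserts the resulting decision (presumably `not tiled.user_session` and a reduced `user_sessions`) would keep that fail-closed behaviour from regressing unnoticed. The `diamond_data` fixture and the end of `test_user_session_tags_service_account` are outside the visible hunks, so this assumes the fixture holds numeric IDs today.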