We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I have a case in plug router as such.
case conn.params["action"] do "create" -> %{"body" => record} = conn.params if check_if_table_exixts(record["id"]) do perms = create_table_helper(get_table_name(record["id"])) |> IO.inspect() claims = Guardian.Plug.current_claims(conn) has_all_these_things? = claims |> Dynamic.Guardian.decode_permissions_from_claims |> IO.inspect() |> Dynamic.Guardian.all_permissions?(perms) |> IO.inspect() if has_all_these_things? do DataHandler.Request.create(conn, opts) else send_resp(conn, 403, Jason.encode!(%{"error" => "unautherized"})) end else send_resp(conn, 400, Jason.encode!(%{"error" => "table does not exist"})) end "update" -> %{"body" => record} = conn.params perms = update_table_helper(get_table_name(record["id"])) |> IO.inspect() has_all_things? = Guardian.Plug.current_claims(conn) |> Dynamic.Guardian.decode_permissions_from_claims() |> Dynamic.Guardian.all_permissions?(perms) if has_all_things? do DataHandler.Request.update(conn, opts) else send_resp(conn, 403, Jason.encode!(%{"error" => "unautherized"})) end "delete" -> %{"body" => record} = conn.params perms = delete_table_helper(get_table_name(record["id"])) |> IO.inspect() has_all_things? = Guardian.Plug.current_claims(conn) |> Dynamic.Guardian.decode_permissions_from_claims() |> Dynamic.Guardian.all_permissions?(perms) if has_all_things? do DataHandler.Request.delete(conn, opts) else send_resp(conn, 403, Jason.encode!(%{"error" => "unautherized"})) end "read" -> %{"body" => record} = conn.params perms = read_table_helper(get_table_name(record["id"])) |> IO.inspect() has_all_these_things? = Guardian.Plug.current_claims(conn) |> Dynamic.Guardian.decode_permissions_from_claims() |> IO.inspect() |> Dynamic.Guardian.all_permissions?(perms) |> IO.inspect() if has_all_these_things? do DataHandler.Request.read(conn, opts) else send_resp(conn, 403, Jason.encode!(%{"error" => "unautherized"})) end _ -> send_resp(conn, 403, Jason.encode!(%{"error" => "no action provided"})) end
Im testing the read case match - I have a macro that generates the permission as %{ <table_name> : [:<table_name>_read]
I'm logging the objects to iex with IO.inspect
as you can see in the logs I've logged the available permissions and the provided permission set:
even though the permission set is not within the structure or claims the function all_permissions? returns 'true'
Logs
iex|1|▶▶▶ 10:59:00.581 [debug] POST /api/v1/data 10:59:00.687 [debug] QUERY OK source="users" db=12.2ms decode=2.1ms queue=1.0ms idle=154.7ms SELECT u0."id", u0."name", u0."email", u0."password_hash", u0."inserted_at", u0."updated_at", r1."id", r1."name", r1."permissions", r1."registerable", r1."inserted_at", r1."updated_at" FROM "users" AS u0 LEFT OUTER JOIN "user_roles" AS u2 ON u2."user_id" = u0."id" LEFT OUTER JOIN "roles" AS r1 ON u2."role_id" = r1."id" WHERE (u0."id" = $1) [<<18, 84, 245, 201, 110, 29, 71, 214, 138, 58, 156, 108, 6, 206, 177, 122>>] 10:59:00.696 [debug] QUERY OK source="users" db=2.6ms idle=177.4ms SELECT u0."id", u0."name", u0."email", u0."password_hash", u0."inserted_at", u0."updated_at", r1."id", r1."name", r1."permissions", r1."registerable", r1."inserted_at", r1."updated_at" FROM "users" AS u0 LEFT OUTER JOIN "user_roles" AS u2 ON u2."user_id" = u0."id" LEFT OUTER JOIN "roles" AS r1 ON u2."role_id" = r1."id" WHERE (u0."id" = $1) [<<18, 84, 245, 201, 110, 29, 71, 214, 138, 58, 156, 108, 6, 206, 177, 122>>] 10:59:00.733 [debug] QUERY OK source="base" db=3.6ms queue=0.8ms idle=212.9ms SELECT TRUE FROM "base" AS b0 WHERE (b0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.735 [debug] QUERY OK source="tables" db=0.9ms queue=0.9ms idle=217.5ms SELECT TRUE FROM "tables" AS t0 WHERE (t0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.737 [debug] QUERY OK source="tables" db=0.8ms queue=0.7ms idle=219.7ms SELECT t0."id", t0."name", t0."parent", t0."permissions", t0."schema", t0."relations", t0."inserted_at", t0."updated_at" FROM "tables" AS t0 WHERE (t0."id" = $1) [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.741 [debug] QUERY OK source="base" db=3.7ms idle=221.3ms SELECT TRUE FROM "base" AS b0 WHERE (b0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.742 [debug] QUERY OK source="tables" db=1.4ms idle=225.2ms SELECT TRUE FROM "tables" AS t0 WHERE (t0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.743 [debug] QUERY OK source="tables" db=0.8ms idle=226.8ms SELECT t0."id", t0."name", t0."parent", t0."permissions", t0."schema", t0."relations", t0."inserted_at", t0."updated_at" FROM "tables" AS t0 WHERE (t0."id" = $1) [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] %{test_table5: [:read_test_table5]} %{ groups: [:create_groups, :delete_groups, :read_groups, :update_groups], groups_roles: [:create_groups_roles, :delete_groups_roles, :read_groups_roles, :update_groups_roles], groups_users: [:create_groups_users, :delete_groups_users, :read_groups_users, :update_groups_users], records: [:create_records, :delete_records, :read_records, :update_records], roles: [:create_roles, :delete_roles, :read_roles, :update_roles], tables: [:create_tables, :delete_tables, :read_tables, :update_tables], user_groups: [:create_user_groups, :delete_user_groups, :read_user_groups, :update_user_groups], users: [:create_users, :delete_users, :read_users, :update_users], users_roles: [:create_users_roles, :delete_users_roles, :read_users_roles, :update_users_roles], views: [:create_views, :delete_views, :read_views, :update_views] } true 10:59:00.747 [debug] QUERY OK source="base" db=3.5ms idle=228.0ms SELECT TRUE FROM "base" AS b0 WHERE (b0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.749 [debug] QUERY OK source="tables" db=1.3ms idle=231.7ms SELECT TRUE FROM "tables" AS t0 WHERE (t0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.752 [debug] QUERY OK source="base" db=3.3ms idle=65.2ms SELECT TRUE FROM "base" AS b0 WHERE (b0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.753 [debug] QUERY OK source="tables" db=0.7ms idle=56.6ms SELECT TRUE FROM "tables" AS t0 WHERE (t0."id" = $1) LIMIT 1 [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.754 [debug] QUERY OK source="tables" db=0.4ms idle=20.2ms SELECT t0."id", t0."name", t0."parent", t0."permissions", t0."schema", t0."relations", t0."inserted_at", t0."updated_at" FROM "tables" AS t0 WHERE (t0."id" = $1) [<<237, 146, 46, 53, 9, 50, 70, 51, 144, 178, 151, 198, 225, 177, 77, 199>>] 10:59:00.757 [debug] QUERY OK db=0.4ms queue=0.3ms idle=20.6ms SELECT json_agg(t.*) as data from test_table5 t; [] 10:59:00.758 [debug] Sent 200 in 176ms
I would expect the function to return false as the provided permission %{test_table5: [:read_test_table5]} does not exist in the permissions:
%{ groups: [:create_groups, :delete_groups, :read_groups, :update_groups], groups_roles: [:create_groups_roles, :delete_groups_roles, :read_groups_roles, :update_groups_roles], groups_users: [:create_groups_users, :delete_groups_users, :read_groups_users, :update_groups_users], records: [:create_records, :delete_records, :read_records, :update_records], roles: [:create_roles, :delete_roles, :read_roles, :update_roles], tables: [:create_tables, :delete_tables, :read_tables, :update_tables], user_groups: [:create_user_groups, :delete_user_groups, :read_user_groups, :update_user_groups], users: [:create_users, :delete_users, :read_users, :update_users], users_roles: [:create_users_roles, :delete_users_roles, :read_users_roles, :update_users_roles], views: [:create_views, :delete_views, :read_views, :update_views] }
the function returns true for any permission
Worth noting im providing only one permission set to all_permissions?
Is there something Im missing here.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Steps to Reproduce
I have a case in plug router as such.
Im testing the read case match - I have a macro that generates the permission as %{ <table_name> : [:<table_name>_read]
I'm logging the objects to iex with IO.inspect
as you can see in the logs I've logged the available permissions and the provided permission set:
even though the permission set is not within the structure or claims the function all_permissions? returns 'true'
Logs
Expected Result
I would expect the function to return false as the provided permission %{test_table5: [:read_test_table5]} does not exist in the permissions:
%{
groups: [:create_groups, :delete_groups, :read_groups, :update_groups],
groups_roles: [:create_groups_roles, :delete_groups_roles, :read_groups_roles,
:update_groups_roles],
groups_users: [:create_groups_users, :delete_groups_users, :read_groups_users,
:update_groups_users],
records: [:create_records, :delete_records, :read_records, :update_records],
roles: [:create_roles, :delete_roles, :read_roles, :update_roles],
tables: [:create_tables, :delete_tables, :read_tables, :update_tables],
user_groups: [:create_user_groups, :delete_user_groups, :read_user_groups,
:update_user_groups],
users: [:create_users, :delete_users, :read_users, :update_users],
users_roles: [:create_users_roles, :delete_users_roles, :read_users_roles,
:update_users_roles],
views: [:create_views, :delete_views, :read_views, :update_views]
}
Actual Result
the function returns true for any permission
Worth noting im providing only one permission set to all_permissions?
Is there something Im missing here.
The text was updated successfully, but these errors were encountered: