cloudwan / gohan

Gohan is an API Gateway Server written in Go that makes it easy for developers to create and maintain REST-style API
http://www.slideshare.net/natiueno/gohan-61170476

[BL-267] Handle blacklisted tenant_id when creating resource #689

Closed cierpuchaw closed 5 years ago

cierpuchaw commented 5 years ago

BL-267: handle blacklisted tenant_id when creating resource.

We would always fail to create a resource when tenant_id is blacklisted in a matching policy. This was due to the fact that we filled the tenant_id field if it was not provided and was also defined in the schema. That way we always matched the blacklist filter.

This fix is implemented by splitting the Policy.Check method into two new methods: CheckAccess and CheckPropertiesFilter. CheckAccess receives the filled-in tenant_id/domain_id as it requires that info to perform authorization. CheckPropertiesFilter receives all the original parameters without those additionally filled in. So if tenant_id was not provided, it will not match against the blacklist/hidden filter. Updating a resource was not performing any tenant_id/domain_id filling, so it still uses the Check method (which is now implemented using the extracted methods) as it leads to simpler code and to a smaller diff.

Added HasPropertyId method to Schema as a simple wrapper of GetPropertyById, to simplify those call sites that do not need to access the property, just to check its existence. Added tests for both while at it.
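
The failure mode and the split described in the comment above, as an added example that is not code from the pull request or from Gohan. The `policy` type, the lowercase method names, `create` and its `split` flag are hypothetical stand-ins, and the sample policy and request are constructed; it assumes the create path defaults `tenant_id` from the caller's token.

```go
package main

import (
	"errors"
	"fmt"
)

type policy struct { // hypothetical stand-in, not Gohan's Policy type
	tenantID  string          // tenant the policy grants access to
	blacklist map[string]bool // property filter: keys a request may not carry
}

// checkAccess authorizes on the effective tenant, so it takes the filled-in map.
func (p policy) checkAccess(filled map[string]interface{}) error {
	if filled["tenant_id"] != p.tenantID {
		return errors.New("access denied")
	}
	return nil
}

// checkPropertiesFilter rejects any blacklisted key present in the given map.
func (p policy) checkPropertiesFilter(props map[string]interface{}) error {
	for k := range props {
		if p.blacklist[k] {
			return errors.New("blacklisted property in request: " + k)
		}
	}
	return nil
}

// create defaults tenant_id from the token; split=false filters the filled map (pre-fix).
func create(p policy, tokenTenant string, sent map[string]interface{}, split bool) error {
	filled := map[string]interface{}{"tenant_id": tokenTenant}
	for k, v := range sent {
		filled[k] = v
	}
	if err := p.checkAccess(filled); err != nil {
		return err
	}
	if split {
		return p.checkPropertiesFilter(sent) // only what the caller actually sent
	}
	return p.checkPropertiesFilter(filled)
}

func main() {
	p := policy{tenantID: "t1", blacklist: map[string]bool{"tenant_id": true}} // constructed
	req := map[string]interface{}{"name": "net0"} // constructed request without tenant_id
	fmt.Println(create(p, "t1", req, false), create(p, "t1", req, true))
}
```

With the split, a request that explicitly carries `tenant_id` is still rejected by the property filter, and a caller from another tenant is still stopped by the access check.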

cierpuchaw commented 5 years ago

Not a big fan of squashing, but done as requested. Thanks for the review, guys!