rsinger86 / drf-access-policy

Declarative access policies/permissions modeled after AWS' IAM policies.
https://rsinger86.github.io/drf-access-policy/
MIT License

Inconsistent expression parsing #102

Open michal-klimek opened 7 months ago

michal-klimek commented 7 months ago

Hello, there is a problem with the BoolOperand.__new__ method. The returned operand does not work properly in the following case:

  1. Make a custom policy condition checking method, i.e. check_something.
  2. Use it in the form check_something:{parent}.attribute_one.attribute_two inside a statement's condition, and it works.
  3. Use it again in a condition_expression in the form not check_something:{parent}.attribute_one.attribute_two, and it will silently fail, because characters like { and } are not recognized properly.

https://github.com/rsinger86/drf-access-policy/blob/68c4c2bba87935253600b023a8ec54fde8694b26/rest_access_policy/parsing.py#L69

It should rather be:

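from pyparsing import Combine, Word, alphanums, printables

class BoolOperand(object):
    def __new__(cls):
        # TRUE and FALSE are assumed to be defined earlier in the same module.
        return TRUE | FALSE | Combine(Word(alphanums + "_", max=256) + ":" + Word(printables, max=256))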
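
An added example, not code from the issue or from the project: it contrasts a constructed narrow operand with the operand proposed above on the expression from step 3, and shows that parsing with parseAll=True turns the silent truncation into a rejection. NARROW, the TRUE/FALSE keywords, the not/and/or operator table and the helper names are assumptions made for illustration; it requires pyparsing.

```python
from pyparsing import (Combine, Keyword, ParseException, Word, alphanums,
                       infixNotation, opAssoc, printables)

TRUE, FALSE = Keyword("True"), Keyword("False")

# Constructed stand-in for a narrow operand (assumption, not copied from
# parsing.py): its character set has no '{' or '}'.
NARROW = TRUE | FALSE | Word(alphanums + "_:.", max=256)

# Operand proposed in the issue: any printable characters after the ':'.
PROPOSED = TRUE | FALSE | Combine(
    Word(alphanums + "_", max=256) + ":" + Word(printables, max=256))

# Expression from step 3 of the report.
EXPR = "not check_something:{parent}.attribute_one.attribute_two"


def build(operand):
    """not/and/or expression grammar over the given operand."""
    return infixNotation(operand, [
        (Keyword("not"), 1, opAssoc.RIGHT),
        (Keyword("and"), 2, opAssoc.LEFT),
        (Keyword("or"), 2, opAssoc.LEFT),
    ])


def flatten(tokens):
    """Flatten nested parse results into a plain list of strings."""
    out = []
    for tok in tokens:
        out.extend([tok] if isinstance(tok, str) else flatten(tok))
    return out


def parse(operand, text, strict):
    """Return the tokens, or None when the parser rejects the text.

    strict=True sets parseAll, so unconsumed trailing input is an error
    instead of being dropped.
    """
    try:
        return flatten(build(operand).parseString(text, parseAll=strict))
    except ParseException:
        return None


if __name__ == "__main__":
    print(parse(NARROW, EXPR, strict=False))   # truncated at '{', no error
    print(parse(NARROW, EXPR, strict=True))    # rejected
    print(parse(PROPOSED, EXPR, strict=True))  # full operand kept
```

Because printables also contains ( and ), an argument written directly before a closing parenthesis absorbs it, so the parenthesised form of the same expression is rejected by the proposed operand. For an access policy, rejecting at load time is the safer outcome than evaluating a truncated condition.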