refactored method with http new logic (closes #51)

Tecsisa · Oct 5, 2016 · a601740 · a601740
1 parent 7de3b9d
commit a601740
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 52 deletions.
diff --git a/api/authz.go b/api/authz.go
@@ -136,6 +136,13 @@ func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, actio
 		return nil, err
 	}
 
+	if len(allowedUrns) < 1 {
+		return nil, &Error{
+			Code:    UNAUTHORIZED_RESOURCES_ERROR,
+			Message: fmt.Sprintf("User with externalId %v is not allowed to access to any resource", requestInfo.Identifier),
+		}
+	}
+
 	response := []string{}
 	for _, res := range allowedUrns {
 		response = append(response, res.GetUrn())

diff --git a/api/authz_test.go b/api/authz_test.go
@@ -380,6 +380,63 @@ func TestGetAuthorizedExternalResources(t *testing.T) {
 				Message: "Invalid parameter action product:DoPrefix*. Action parameter can't be a prefix",
 			},
 		},
+		"ErrortestCaseNoAllowedUrns": {
+			requestInfo: RequestInfo{
+				Identifier: "123456",
+				Admin:      false,
+			},
+			action: POLICY_ACTION_GET_POLICY,
+			resourceUrns: []string{
+				CreateUrn("example", RESOURCE_POLICY, "/path/", "policy1"),
+				CreateUrn("example", RESOURCE_POLICY, "/path/", "policy2"),
+				CreateUrn("example1", RESOURCE_POLICY, "/path/", "policy3"),
+			},
+			wantError: &Error{
+				Code:    UNAUTHORIZED_RESOURCES_ERROR,
+				Message: "User with externalId 123456 is not allowed to access to any resource",
+			},
+			getUserByExternalIDResult: &User{
+				ID:  "123456",
+				Urn: CreateUrn("", RESOURCE_USER, "/path/", "user1"),
+			},
+			getGroupsByUserIDResult: []TestUserGroupRelation{
+				{
+					Group: &Group{
+						ID:  "GROUP-USER-ID",
+						Urn: CreateUrn("example", RESOURCE_GROUP, "/path/", "groupUser"),
+					},
+				},
+			},
+			getAttachedPoliciesResult: []TestPolicyGroupRelation{
+				{
+					Policy: &Policy{
+						ID:  "POLICY-USER-ID",
+						Urn: CreateUrn("example", RESOURCE_POLICY, "/path/", "policyUser"),
+						Statements: &[]Statement{
+							{
+								Effect: "deny",
+								Actions: []string{
+									POLICY_ACTION_GET_POLICY,
+								},
+								Resources: []string{
+									GetUrnPrefix("example", RESOURCE_POLICY, "/path/"),
+								},
+							},
+							{
+								Effect: "allow",
+								Actions: []string{
+									POLICY_ACTION_GET_POLICY,
+								},
+								Resources: []string{
+									GetUrnPrefix("example", RESOURCE_POLICY, "/path/path2"),
+									GetUrnPrefix("example2", RESOURCE_POLICY, "/path/path2"),
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 		"OktestCaseFullUrnAllow": {
 			requestInfo: RequestInfo{
 				Identifier: "123456",
@@ -437,8 +494,9 @@ func TestGetAuthorizedExternalResources(t *testing.T) {
 				CreateUrn("example", RESOURCE_POLICY, "/path/", "policy1"),
 				CreateUrn("example", RESOURCE_POLICY, "/path/", "policy2"),
 				CreateUrn("example1", RESOURCE_POLICY, "/path/", "policy3"),
+				CreateUrn("example2", RESOURCE_POLICY, "/path/path2/", "policy3"),
 			},
-			expectedResources: []string{},
+			expectedResources: []string{CreateUrn("example2", RESOURCE_POLICY, "/path/path2/", "policy3")},
 			getUserByExternalIDResult: &User{
 				ID:  "123456",
 				Urn: CreateUrn("", RESOURCE_USER, "/path/", "user1"),

diff --git a/http/authz.go b/http/authz.go
@@ -1,12 +1,8 @@
 package http
 
 import (
-	"encoding/json"
 	"net/http"
 
-	"fmt"
-
-	"github.com/Tecsisa/foulkon/api"
 	"github.com/julienschmidt/httprouter"
 )
 
@@ -27,47 +23,18 @@ type AuthorizeResourcesResponse struct {
 
 func (h *WorkerHandler) HandleGetAuthorizedExternalResources(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	requestInfo := h.GetRequestInfo(r)
-	// Decode request
-	request := AuthorizeResourcesRequest{}
-	err := json.NewDecoder(r.Body).Decode(&request)
-	if err != nil {
-		apiError := &api.Error{
-			Code:    api.INVALID_PARAMETER_ERROR,
-			Message: err.Error(),
-		}
-		api.LogErrorMessage(h.worker.Logger, requestInfo, apiError)
-		h.RespondBadRequest(r, requestInfo, w, apiError)
+	// Process request
+	request := &AuthorizeResourcesRequest{}
+	requestInfo, _, apiErr := h.processHttpRequest(r, w, nil, request)
+	if apiErr != nil {
+		h.RespondBadRequest(r, requestInfo, w, apiErr)
 		return
 	}
 
 	// Retrieve allowed resources
 	result, err := h.worker.AuthzApi.GetAuthorizedExternalResources(requestInfo, request.Action, request.Resources)
-	if err != nil {
-		// Transform to API errors
-		apiError := err.(*api.Error)
-		api.LogErrorMessage(h.worker.Logger, requestInfo, apiError)
-		switch apiError.Code {
-		case api.INVALID_PARAMETER_ERROR:
-			h.RespondBadRequest(r, requestInfo, w, apiError)
-		case api.UNAUTHORIZED_RESOURCES_ERROR:
-			h.RespondForbidden(r, requestInfo, w, apiError)
-		default: // Unexpected API error
-			h.RespondInternalServerError(r, requestInfo, w)
-		}
-		return
-	}
-
-	if result == nil || len(result) < 1 {
-		h.RespondForbidden(r, requestInfo, w, &api.Error{
-			Code:    api.UNAUTHORIZED_RESOURCES_ERROR,
-			Message: fmt.Sprintf("User with externalId %v is not allowed to access to any resource", requestInfo.Identifier),
-		})
-		return
-	}
-
 	response := AuthorizeResourcesResponse{
 		ResourcesAllowed: result,
 	}
-
-	h.RespondOk(r, requestInfo, w, response)
+	h.processHttpResponse(r, w, requestInfo, response, err, http.StatusOK)
 }
diff --git a/http/authz_test.go b/http/authz_test.go
@@ -71,18 +71,6 @@ func TestWorkerHandler_HandleGetAuthorizedExternalResources(t *testing.T) {
 				Message: "Error",
 			},
 		},
-		"ErrorCaseUnauthorizedErrorEmptyList": {
-			request: &AuthorizeResourcesRequest{
-				Resources: []string{},
-				Action:    api.USER_ACTION_GET_USER,
-			},
-			expectedStatusCode: http.StatusForbidden,
-			expectedError: api.Error{
-				Code:    api.UNAUTHORIZED_RESOURCES_ERROR,
-				Message: "User with externalId userID is not allowed to access to any resource",
-			},
-			getAuthorizedExternalResourcesResult: []string{},
-		},
 		"ErrorCaseUnknownApiError": {
 			request: &AuthorizeResourcesRequest{
 				Resources: []string{},