made changes in the permissions to improve pilot operator relationships

iSPIRT · Jan 27, 2024 · 251a53d · 251a53d
1 parent 7d91e09
commit 251a53d
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 40 deletions.
diff --git a/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java b/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java
@@ -76,7 +76,7 @@ public boolean associateCAAToPlatform(String caaResourceID) {
         );
     }
 
-    if (tokenValue != null) {
+    if (tokenValue != null && tokenValue.length() > 0) {
       return true;
     } else {
       return false;
@@ -356,7 +356,7 @@ public boolean isFlightOperationsAdmin(String pilotUserID, String operatorResour
 
   /** This function is used to add pilot user to operator */
   public boolean addPilotToOperator(
-    String pilotUserID,
+    String pilotResourceID,
     String operatorResourceID,
     String operatorUserID
   ) {
@@ -377,7 +377,7 @@ public boolean addPilotToOperator(
           RelationshipType.PILOT,
           operatorResourceID,
           ResourceType.OPERATOR,
-          pilotUserID,
+          pilotResourceID,
           SubjectType.PILOT
         );
     }
@@ -575,6 +575,19 @@ public Set<String> lookupResourcesForRegulatorApproval(String caaAdminsUserID) {
     return resourceIDSetForApproval;
   }
 
+  public boolean lookupRegulator(String resourceID) {
+    Set<String> resourceSet = spicedbClient.lookupResources(
+      RelationshipType.PLATFORM,
+      ResourceType.CAA,
+      SubjectType.PLATFORM,
+      AuthZConstants.PLATFORM_ID
+    );
+
+    System.out.println(resourceSet);
+
+    return resourceSet.contains(resourceID);
+  }
+
   public Set<String> lookupRegulator() {
     Set<String> resourceSet = spicedbClient.lookupResources(
       RelationshipType.PLATFORM,

diff --git a/reference-implementation/src/main/resources/resource_permission.yaml b/reference-implementation/src/main/resources/resource_permission.yaml
@@ -22,8 +22,8 @@ schema: |-
   definition pilot {
   	relation flight_operator: user
   	relation regulator: caa
-  	permission approve = regulator->super_admin
   	permission flight_operations_admin = flight_operator
+  	permission approve = regulator->super_admin
   }
 
   /** producer of uas and uas types */
@@ -60,8 +60,8 @@ schema: |-
   	relation manufacturer: manufacturer
   	relation regulator: caa
   	relation owner: operator | pilot
-  	permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin
-  	permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin
+  	permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin
+  	permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin
   }
 
   /** defines relationships of uastype with regulator and manufacturer */

diff --git a/reference-implementation/src/main/resources/spicedb_permissions.txt b/reference-implementation/src/main/resources/spicedb_permissions.txt
@@ -1,3 +1,4 @@
+
   /** user represents a user */
   definition user {}
 
@@ -21,8 +22,8 @@
   definition pilot {
   	relation flight_operator: user
   	relation regulator: caa
-  	permission approve = regulator->super_admin
   	permission flight_operations_admin = flight_operator
+  	permission approve = regulator->super_admin
   }
 
   /** producer of uas and uas types */
@@ -59,8 +60,8 @@
   	relation manufacturer: manufacturer
   	relation regulator: caa
   	relation owner: operator | pilot
-  	permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin
-  	permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin
+  	permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin
+  	permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin
   }
 
   /** defines relationships of uastype with regulator and manufacturer */
@@ -95,3 +96,4 @@
   	permission super_admin = administrator
   	permission approve = regulator->super_admin
   }
+
diff --git a/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java b/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java
@@ -7,9 +7,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jwt.SignedJWT;
-import in.ispirt.pushpaka.authorisation.RelationshipType;
 import in.ispirt.pushpaka.authorisation.ResourceType;
-import in.ispirt.pushpaka.authorisation.SubjectType;
 import in.ispirt.pushpaka.authorisation.utils.AuthZ;
 import in.ispirt.pushpaka.utils.Logging;
 import java.io.IOException;
@@ -68,7 +66,7 @@ private static String loginUser(java.util.Map.Entry<String, String> user)
     List<NameValuePair> formparams = Arrays.asList(
       new BasicNameValuePair("client_id", "backend"),
       new BasicNameValuePair("grant_type", "password"),
-      new BasicNameValuePair("client_secret", "qV6lTdv59FyBL1kn2bRnp6LQF4HVxOkk"),
+      new BasicNameValuePair("client_secret", "Gm236XNRzKTG04hOiXjhRIgZ59krCOFG"),
       new BasicNameValuePair("scope", "openid"),
       new BasicNameValuePair("username", user.getKey()),
       new BasicNameValuePair("password", user.getValue())

diff --git a/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java b/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java
@@ -51,8 +51,7 @@ public void testCreatePlatformUser() {
   public void testAssociateCAAToPlatform() {
     // caa:caa-authority#platform@platform:digital-sky-platform
 
-    String CAAResourceID = "caa-authority";
-    boolean isSuccess = authZ.associateCAAToPlatform(CAAResourceID);
+    boolean isSuccess = authZ.associateCAAToPlatform(authZ.getCaaResourceID());
 
     assertTrue(isSuccess);
   }
@@ -61,12 +60,11 @@ public void testAssociateCAAToPlatform() {
   public void testCreateCAAAdministrator() {
     // caa:caa-authority#administrator@user:caa-user
 
-    String caaResourceID = "caa-authority";
     String caaResourceAdminID = "caa-user";
     String platformAdminId = "platform-user";
 
     boolean isSuccess = authZ.createCAAAdmin(
-      caaResourceID,
+      authZ.getCaaResourceID(),
       caaResourceAdminID,
       platformAdminId
     );
@@ -187,28 +185,40 @@ public void testIsResourceAdministratorNegative() {
   @Test
   public void testAddPilotToOperator() {
     // pilot:default-pilot-group#member@user:pilot-user-2
+    String pilotResourceID = "pilot-resource-1";
     String pilotUserID = "pilot-user-1";
     String operatorResourceID = "operator-1";
     String operatorAdminUserID = "operator-user";
 
-    boolean isSuccess = authZ.addPilotToOperator(
+    boolean addPilot = authZ.addPilot(
+      pilotResourceID,
       pilotUserID,
+      authZ.getCaaResourceID()
+    );
+
+    boolean isSuccess = authZ.addPilotToOperator(
+      pilotResourceID,
       operatorResourceID,
       operatorAdminUserID
     );
 
-    assertTrue(isSuccess);
+    boolean isPilotflightOperationsAdmin = authZ.isFlightOperationsAdmin(
+      pilotUserID,
+      operatorResourceID
+    );
+
+    assertTrue(addPilot && isSuccess && isPilotflightOperationsAdmin);
   }
 
   @Test
   public void testRemovePilotToOperator() {
-    // pilot:default-pilot-group#member@user:pilot-user-2
-    String pilotUserID = "pilot-user-1";
+    // pilot:default-pilot-group#member@user:pilot-user-
+    String pilotResourceID = "pilot-resource-1";
     String operatorResourceID = "operator-1";
     String operatorAdminUserID = "operator-user";
 
     boolean isSuccess = authZ.removePilotFromOperator(
-      pilotUserID,
+      pilotResourceID,
       operatorResourceID,
       operatorAdminUserID
     );
@@ -219,29 +229,19 @@ public void testRemovePilotToOperator() {
   @Test
   public void testAddPilotToOperatoNegative() {
     // pilot:default-pilot-group#member@user:pilot-user-2
-    String pilotUserID = "pilot-user-1";
+    String pilotResourceID = "pilot-resource";
     String operatorResourceID = "operator-1";
     String operatorAdminUserID = "operator-user-1";
 
     boolean isSuccess = authZ.addPilotToOperator(
-      pilotUserID,
+      pilotResourceID,
       operatorResourceID,
       operatorAdminUserID
     );
 
     assertFalse(isSuccess);
   }
 
-  @Test
-  public void testFlightOperationsAdmin() {
-    String pilotUserID = "pilot-user-1";
-    String operatorResourceID = "operator-1";
-
-    boolean isSuccess = authZ.isFlightOperationsAdmin(pilotUserID, operatorResourceID);
-
-    assertTrue(isSuccess);
-  }
-
   @Test
   public void testFlightOperationsAdminNegative() {
     String pilotUserID = "pilot-user-2";
@@ -412,14 +412,8 @@ public void testPilotToOperators() {
 
   @Test
   public void testLookupRegulator() {
-    Set<String> regulator = authZ.lookupRegulator();
+    boolean isSuccess = authZ.lookupRegulator(authZ.getCaaResourceID());
 
-    assertTrue(regulator.size() == 1);
-  }
-
-  @Test
-  void removeRegulator() {
-    boolean isSuccess = authZ.removeRegulator();
     assertTrue(isSuccess);
   }
 }