From 251a53df47a643b9accd8ac8979fc1d595c58510 Mon Sep 17 00:00:00 2001 From: Abhishek Dwivedi Date: Sat, 27 Jan 2024 08:37:15 -0500 Subject: [PATCH] made changes in the permissions to improve pilot operator relationships --- .../pushpaka/authorisation/utils/AuthZ.java | 19 +++++-- .../main/resources/resource_permission.yaml | 6 +-- .../main/resources/spicedb_permissions.txt | 8 +-- .../pushpaka/integration/TestUtils.java | 4 +- .../ispirt/pushpaka/unittests/AuthZTest.java | 50 ++++++++----------- 5 files changed, 47 insertions(+), 40 deletions(-) diff --git a/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java b/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java index 9dc3968de4..3808b41221 100644 --- a/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java +++ b/reference-implementation/src/main/java/in/ispirt/pushpaka/authorisation/utils/AuthZ.java @@ -76,7 +76,7 @@ public boolean associateCAAToPlatform(String caaResourceID) { ); } - if (tokenValue != null) { + if (tokenValue != null && tokenValue.length() > 0) { return true; } else { return false; @@ -356,7 +356,7 @@ public boolean isFlightOperationsAdmin(String pilotUserID, String operatorResour /** This function is used to add pilot user to operator */ public boolean addPilotToOperator( - String pilotUserID, + String pilotResourceID, String operatorResourceID, String operatorUserID ) { @@ -377,7 +377,7 @@ public boolean addPilotToOperator( RelationshipType.PILOT, operatorResourceID, ResourceType.OPERATOR, - pilotUserID, + pilotResourceID, SubjectType.PILOT ); } 
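Review bot: The new guard in associateCAAToPlatform (hunk `@@ -76,7 +76,7 @@`) is written as an if/else that returns literals; it reads more directly as `return tokenValue != null && !tokenValue.isEmpty();`. An empty token was previously reported as a successful relationship write, so if the other write methods in AuthZ.java still test only `tokenValue != null` (not visible in this diff), they keep reporting success for an empty token. A small private helper such as `private static boolean isWritten(String tokenValue)` would keep them consistent. The method starts and ends outside the hunk.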
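Review bot: The Javadoc above addPilotToOperator (hunk `@@ -356,7 +356,7 @@`, with the matching use in `@@ -377,7 +377,7 @@`) still says "add pilot user to operator", although the first argument is now a pilot resource ID written as a `SubjectType.PILOT` subject. Both IDs are plain `String`, so a caller that still passes a user ID compiles and writes a relationship to a pilot object that was never registered, which silently grants nothing. I would change the comment to `/** Links an already registered pilot resource (not the pilot's user ID) to the operator. */` and check every caller outside this diff. The lines between the two hunks are not shown, so I cannot tell whether the ID is validated before the write.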
@@ -575,6 +575,19 @@ public Set lookupResourcesForRegulatorApproval(String caaAdminsUserID) { return resourceIDSetForApproval; } + public boolean lookupRegulator(String resourceID) { + Set resourceSet = spicedbClient.lookupResources( + RelationshipType.PLATFORM, + ResourceType.CAA, + SubjectType.PLATFORM, + AuthZConstants.PLATFORM_ID + ); + + System.out.println(resourceSet); + + return resourceSet.contains(resourceID); + } + public Set lookupRegulator() { Set resourceSet = spicedbClient.lookupResources( RelationshipType.PLATFORM, diff --git a/reference-implementation/src/main/resources/resource_permission.yaml b/reference-implementation/src/main/resources/resource_permission.yaml index 82491bf192..45ecde678e 100644 --- a/reference-implementation/src/main/resources/resource_permission.yaml +++ b/reference-implementation/src/main/resources/resource_permission.yaml @@ -22,8 +22,8 @@ schema: |- definition pilot { relation flight_operator: user relation regulator: caa - permission approve = regulator->super_admin permission flight_operations_admin = flight_operator + permission approve = regulator->super_admin } /** producer of uas and uas types */ @@ -60,8 +60,8 @@ schema: |- relation manufacturer: manufacturer relation regulator: caa relation owner: operator | pilot - permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin - permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin + permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin + permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin } /** defines relationships of uastype with regulator and manufacturer */ 
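Review bot: `System.out.println(resourceSet);` in the new `lookupRegulator(String resourceID)` prints every CAA resource ID linked to the platform to stdout on each call and bypasses the project's logging. Remove it, or log at debug level through the existing logger. The method also has no Javadoc and does not guard its inputs; depending on the Set implementation returned by `spicedbClient.lookupResources`, a null `resourceID` may throw, so I would end with `return resourceID != null && resourceSet != null && resourceSet.contains(resourceID);`. A boolean overload next to the Set-returning `lookupRegulator()` is easy to misread; a name like `isRegulator` would state the intent.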
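Review bot: `decommision_uas` in hunk `@@ -60,8 +60,8 @@` now ends in `owner->flight_operations_admin`, and because `owner` is `operator | pilot` the destructive permission goes to exactly the same principals as `read_uas`, including whoever holds `flight_operations_admin` on an owning operator. The operator definition is outside the hunk, so please confirm that every operator-side flight operations admin is meant to decommission a UAS; if not, keep the new arrow on `read_uas` only. No test in this commit exercises either permission through the new arrow, and a positive plus a negative check on `decommision_uas` would pin the intent. The same two lines change in `spicedb_permissions.txt` (hunk `@@ -59,8 +60,8 @@`), and keeping the schema in two files invites drift between them.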
diff --git a/reference-implementation/src/main/resources/spicedb_permissions.txt b/reference-implementation/src/main/resources/spicedb_permissions.txt index 6eab9486db..fb3a3ec554 100644 --- a/reference-implementation/src/main/resources/spicedb_permissions.txt +++ b/reference-implementation/src/main/resources/spicedb_permissions.txt @@ -1,3 +1,4 @@ + /** user represents a user */ definition user {} @@ -21,8 +22,8 @@ definition pilot { relation flight_operator: user relation regulator: caa - permission approve = regulator->super_admin permission flight_operations_admin = flight_operator + permission approve = regulator->super_admin } /** producer of uas and uas types */ @@ -59,8 +60,8 @@ relation manufacturer: manufacturer relation regulator: caa relation owner: operator | pilot - permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin - permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + pilot->flight_operations_admin + permission read_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin + permission decommision_uas = manufacturer->super_admin + regulator->super_admin + owner->super_admin + owner->flight_operations_admin } /** defines relationships of uastype with regulator and manufacturer */ @@ -95,3 +96,4 @@ permission super_admin = administrator permission approve = regulator->super_admin } + diff --git a/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java b/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java index 7cb0a80067..888160b39c 100644 --- a/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java +++ b/reference-implementation/src/test/java/in/ispirt/pushpaka/integration/TestUtils.java 
@@ -7,9 +7,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.jwt.SignedJWT; -import in.ispirt.pushpaka.authorisation.RelationshipType; import in.ispirt.pushpaka.authorisation.ResourceType; -import in.ispirt.pushpaka.authorisation.SubjectType; import in.ispirt.pushpaka.authorisation.utils.AuthZ; import in.ispirt.pushpaka.utils.Logging; import java.io.IOException; @@ -68,7 +66,7 @@ private static String loginUser(java.util.Map.Entry user) List formparams = Arrays.asList( new BasicNameValuePair("client_id", "backend"), new BasicNameValuePair("grant_type", "password"), - new BasicNameValuePair("client_secret", "qV6lTdv59FyBL1kn2bRnp6LQF4HVxOkk"), + new BasicNameValuePair("client_secret", "Gm236XNRzKTG04hOiXjhRIgZ59krCOFG"), new BasicNameValuePair("scope", "openid"), new BasicNameValuePair("username", user.getKey()), new BasicNameValuePair("password", user.getValue()) diff --git a/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java b/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java index c3f15994e6..6086015b30 100644 --- a/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java +++ b/reference-implementation/src/test/java/in/ispirt/pushpaka/unittests/AuthZTest.java @@ -51,8 +51,7 @@ public void testCreatePlatformUser() { public void testAssociateCAAToPlatform() { // caa:caa-authority#platform@platform:digital-sky-platform - String CAAResourceID = "caa-authority"; - boolean isSuccess = authZ.associateCAAToPlatform(CAAResourceID); + boolean isSuccess = authZ.associateCAAToPlatform(authZ.getCaaResourceID()); assertTrue(isSuccess); } 
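Review bot: The `client_secret` literal in loginUser (hunk `@@ -68,7 +66,7 @@`) is a credential committed to the repository, and this change replaces one committed value with another, so both are now in the history. Read it from the environment or from a git-ignored test configuration instead, for example `new BasicNameValuePair("client_secret", System.getenv("<CLIENT_SECRET_ENV_VAR>"))` (placeholder variable name), and fail with a clear message when it is unset. Both values should be treated as exposed and rotated on any identity-provider instance that is more than a throwaway local container. loginUser starts and ends outside the hunk.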
@@ -61,12 +60,11 @@ public void testAssociateCAAToPlatform() { public void testCreateCAAAdministrator() { // caa:caa-authority#administrator@user:caa-user - String caaResourceID = "caa-authority"; String caaResourceAdminID = "caa-user"; String platformAdminId = "platform-user"; boolean isSuccess = authZ.createCAAAdmin( - caaResourceID, + authZ.getCaaResourceID(), caaResourceAdminID, platformAdminId ); @@ -187,28 +185,40 @@ public void testIsResourceAdministratorNegative() { @Test public void testAddPilotToOperator() { // pilot:default-pilot-group#member@user:pilot-user-2 + String pilotResourceID = "pilot-resource-1"; String pilotUserID = "pilot-user-1"; String operatorResourceID = "operator-1"; String operatorAdminUserID = "operator-user"; - boolean isSuccess = authZ.addPilotToOperator( + boolean addPilot = authZ.addPilot( + pilotResourceID, pilotUserID, + authZ.getCaaResourceID() + ); + + boolean isSuccess = authZ.addPilotToOperator( + pilotResourceID, operatorResourceID, operatorAdminUserID ); - assertTrue(isSuccess); + boolean isPilotflightOperationsAdmin = authZ.isFlightOperationsAdmin( + pilotUserID, + operatorResourceID + ); + + assertTrue(addPilot && isSuccess && isPilotflightOperationsAdmin); } @Test public void testRemovePilotToOperator() { - // pilot:default-pilot-group#member@user:pilot-user-2 - String pilotUserID = "pilot-user-1"; + // pilot:default-pilot-group#member@user:pilot-user- + String pilotResourceID = "pilot-resource-1"; String operatorResourceID = "operator-1"; String operatorAdminUserID = "operator-user"; boolean isSuccess = authZ.removePilotFromOperator( - pilotUserID, + pilotResourceID, operatorResourceID, operatorAdminUserID ); 
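Review bot: `assertTrue(addPilot && isSuccess && isPilotflightOperationsAdmin);` in testAddPilotToOperator (hunk `@@ -187,28 +185,40 @@`) hides which of the three authorization steps failed. Assert each one separately with a message, e.g. `assertTrue(addPilot, "addPilot");`, `assertTrue(isSuccess, "addPilotToOperator");`, `assertTrue(isPilotflightOperationsAdmin, "isFlightOperationsAdmin");` (argument order as for JUnit 5; put the message first if the file uses JUnit 4). testRemovePilotToOperator appears to depend on the relationship created here, so unless the class fixes its method order, which is not visible in this hunk, it should create its own pilot and link first. The leading comment `// pilot:default-pilot-group#member@user:pilot-user-2` no longer describes the relationship being written and should be updated.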
@@ -219,12 +229,12 @@ public void testRemovePilotToOperator() { @Test public void testAddPilotToOperatoNegative() { // pilot:default-pilot-group#member@user:pilot-user-2 - String pilotUserID = "pilot-user-1"; + String pilotResourceID = "pilot-resource"; String operatorResourceID = "operator-1"; String operatorAdminUserID = "operator-user-1"; boolean isSuccess = authZ.addPilotToOperator( - pilotUserID, + pilotResourceID, operatorResourceID, operatorAdminUserID ); @@ -232,16 +242,6 @@ public void testAddPilotToOperatoNegative() { assertFalse(isSuccess); } - @Test - public void testFlightOperationsAdmin() { - String pilotUserID = "pilot-user-1"; - String operatorResourceID = "operator-1"; - - boolean isSuccess = authZ.isFlightOperationsAdmin(pilotUserID, operatorResourceID); - - assertTrue(isSuccess); - } - @Test public void testFlightOperationsAdminNegative() { String pilotUserID = "pilot-user-2"; @@ -412,14 +412,8 @@ public void testPilotToOperators() { @Test public void testLookupRegulator() { - Set regulator = authZ.lookupRegulator(); + boolean isSuccess = authZ.lookupRegulator(authZ.getCaaResourceID()); - assertTrue(regulator.size() == 1); - } - - @Test - void removeRegulator() { - boolean isSuccess = authZ.removeRegulator(); assertTrue(isSuccess); } }
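Review bot: testLookupRegulator (hunk `@@ -412,14 +412,8 @@`) now covers only the positive path of `lookupRegulator(String)`, and for a membership check used in authorization the rejecting path is the one that needs pinning. Add a case such as `assertFalse(authZ.lookupRegulator("not-a-registered-caa"));` (constructed ID). The hunk also removes the only tests shown here for the Set-returning `lookupRegulator()` and for `removeRegulator()`. The former is still present in AuthZ.java, so either keep a test for it or delete the method. If `removeRegulator()` also remains, its relationship-deletion path is now unverified.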