fix(authorization): ignore unknown granted permissions

fix MODELIX-1018

authorization/src/main/kotlin/org/modelix/authorization/permissions/PermissionEvaluator.kt

@@ -1,17 +1,23 @@
 package org.modelix.authorization.permissions
 
+import org.modelix.authorization.UnknownPermissionException
+
 class PermissionEvaluator(val schemaInstance: SchemaInstance) {
     private val allGrantedPermissions: MutableSet<PermissionInstanceReference> = HashSet()
     private val parser = PermissionParser(schemaInstance.schema)
 
     fun getAllGrantedPermissions(): Set<PermissionInstanceReference> = schemaInstance.getAllPermissions().map { it.ref }.filter { hasPermission(it) }.toSet()
 
     fun grantPermission(permissionId: String) {
-        grantPermission(parser.parse(permissionId))
+        grantPermission(PermissionParts.fromString(permissionId))
     }
 
     fun grantPermission(permissionId: PermissionParts) {
-        grantPermission(parser.parse(permissionId))
+        try {
+            grantPermission(parser.parse(permissionId))
+        } catch (ex: UnknownPermissionException) {
+            // Tokens may also contain permissions for other services.
+        }
     }
 
     fun grantPermission(permissionRef: PermissionInstanceReference) {

model-server/src/test/kotlin/permissions/PermissionTestBase.kt

@@ -1,24 +1,12 @@
 package permissions
 
-import com.auth0.jwt.JWT
-import com.auth0.jwt.algorithms.Algorithm
-import kotlinx.serialization.json.Json
-import kotlinx.serialization.json.jsonObject
 import org.modelix.authorization.permissions.PermissionEvaluator
 import org.modelix.authorization.permissions.PermissionParts
 import org.modelix.authorization.permissions.Schema
 import org.modelix.authorization.permissions.SchemaInstance
 import org.modelix.model.server.ModelServerPermissionSchema
-import java.nio.charset.StandardCharsets
-import java.util.Base64
 
 abstract class PermissionTestBase(private val explicitlyGrantedPermissions: List<PermissionParts>, val schema: Schema = ModelServerPermissionSchema.SCHEMA) {
-    val token = JWT.create()
-        .withClaim("permissions", explicitlyGrantedPermissions.map { it.toString() })
-        .sign(Algorithm.HMAC256("my-secret-key-8774567"))
-        .let { JWT.decode(it) }
-    val payloadJson = String(Base64.getUrlDecoder().decode(token.payload), StandardCharsets.UTF_8)
-        .let { Json.parseToJsonElement(it).jsonObject }
     val evaluator = PermissionEvaluator(SchemaInstance(schema)).also { evaluator ->
         explicitlyGrantedPermissions.forEach { evaluator.grantPermission(it) }
     }

model-server/src/test/kotlin/permissions/UnknownPermissionGrantTest.kt

@@ -0,0 +1,20 @@
+package permissions
+
+import org.modelix.authorization.permissions.PermissionEvaluator
+import org.modelix.authorization.permissions.PermissionParts
+import org.modelix.authorization.permissions.SchemaInstance
+import org.modelix.model.server.ModelServerPermissionSchema
+import kotlin.test.Test
+
+class UnknownPermissionGrantTest {
+    /**
+     * A token may contain granted permission of other services. They should not result in an exception.
+     */
+    @Test
+    fun `unknown permission in token is ignored`() {
+        val evaluator = PermissionEvaluator(SchemaInstance(ModelServerPermissionSchema.SCHEMA))
+        for (i in 0..5) {
+            evaluator.grantPermission(PermissionParts(ModelServerPermissionSchema.repository("myFirstRepo").branch("main").push.parts.take(i)) + "some-non-existent-permission")
+        }
+    }
+}