When staging with a policy-activating opt (:did or :role), you need to be able to subsequently transact with different policies for different users. This commit makes that possible by resetting the db to a root db after checking policies. If you want to interact with the db with a specific policy wrapping, you need to specify the identity/role with which you are doing so every time.
Showing
3 changed files
with
90 additions
and
55 deletions.
|
@@ -77,14 +77,13 @@ | |
{:f/path :schema/name | ||
:f/allow [{:f/targetRole :ex/userRole | ||
:f/action [:f/view :f/modify]}]}]}])] | ||
|
||
(testing "Policy allowed modification" | ||
(testing "using role + id" | ||
(let [update-name @(fluree/stage db+policy {:id :ex/alice | ||
:schema/email "[email protected]"} | ||
(let [update-name @(fluree/stage db+policy | ||
{:id :ex/alice | ||
:schema/email "[email protected]"} | ||
{:did alice-did | ||
:role :ex/userRole})] | ||
|
||
(is (= [{:id :ex/alice, | ||
:rdf/type [:ex/User], | ||
:schema/name "Alice", | ||
|
@@ -94,33 +93,36 @@ | |
:ex/location {:id nil}}] | ||
@(fluree/query update-name | ||
{:select {'?s [:*]} | ||
:where [['?s :schema/name "Alice"]]})) | ||
:where [['?s :schema/name "Alice"]] | ||
:opts {:did alice-did}})) | ||
"Alice should be allowed to update her own name."))) | ||
(testing "using role only" | ||
(let [update-price @(fluree/stage db+policy {:id :ex/widget | ||
:schema/price 105.99} | ||
{:role :ex/rootRole})] | ||
|
||
(is (= [{:id :ex/widget, | ||
:rdf/type [:ex/Product], | ||
:schema/name "Widget", | ||
:schema/price 105.99, | ||
:schema/priceCurrency "USD"}] | ||
@(fluree/query update-price | ||
{:select {'?s [:*]} | ||
:where [['?s :rdf/type :ex/Product]]})) | ||
"Updated :schema/price should have been allowed, and entire product is visible in query.")) | ||
(let [update-name @(fluree/stage db+policy {:id :ex/widget | ||
:schema/name "Widget2"} | ||
{:role :ex/userRole})] | ||
(let [update-price @(fluree/stage db+policy | ||
{:id :ex/widget | ||
:schema/price 105.99} | ||
{:role :ex/rootRole})] | ||
|
||
(is (= [{:rdf/type [:ex/Product] | ||
:schema/name "Widget2"}] | ||
@(fluree/query update-name | ||
{:select {'?s [:*]} | ||
:where [['?s :rdf/type :ex/Product]]})) | ||
"Updated :schema/name should have been allowed, and only name is visible in query.")))) | ||
(is (= [{:id :ex/widget, | ||
:rdf/type [:ex/Product], | ||
:schema/name "Widget", | ||
:schema/price 105.99, | ||
:schema/priceCurrency "USD"}] | ||
@(fluree/query update-price | ||
{:select {'?s [:*]} | ||
:where [['?s :rdf/type :ex/Product]]})) | ||
"Updated :schema/price should have been allowed, and entire product is visible in query.")) | ||
(let [update-name @(fluree/stage db+policy | ||
{:id :ex/widget | ||
:schema/name "Widget2"} | ||
{:role :ex/userRole})] | ||
|
||
(is (= [{:rdf/type [:ex/Product] | ||
:schema/name "Widget2"}] | ||
@(fluree/query update-name | ||
{:select {'?s [:*]} | ||
:where [['?s :rdf/type :ex/Product]] | ||
:opts {:role :ex/userRole}})) | ||
"Updated :schema/name should have been allowed, and only name is visible in query.")))) | ||
(testing "Policy doesn't allow a modification" | ||
(let [update-price @(fluree/stage db+policy {:id :ex/widget | ||
:schema/price 42.99} | ||
|