Fix allOf/anyOf Abstain Logic
Closes gh-13487
jzheaux committed Jul 11, 2023
1 parent 83c0f42 commit 6393702
Showing 2 changed files with 20 additions and 5 deletions.
Expand Up @@ -41,11 +41,17 @@ public static <T> AuthorizationManager<T> anyOf(AuthorizationManager<T>... manag
List<AuthorizationDecision> decisions = new ArrayList<>();
for (AuthorizationManager<T> manager : managers) {
AuthorizationDecision decision = manager.check(authentication, object);
if (decision == null || decision.isGranted()) {
if (decision == null) {
continue;
}
if (decision.isGranted()) {
return decision;
}
decisions.add(decision);
}
if (decisions.isEmpty()) {
return new AuthorizationDecision(false);
}
return new CompositeAuthorizationDecision(false, decisions);
};
}
Expand All @@ -64,11 +70,17 @@ public static <T> AuthorizationManager<T> allOf(AuthorizationManager<T>... manag
List<AuthorizationDecision> decisions = new ArrayList<>();
for (AuthorizationManager<T> manager : managers) {
AuthorizationDecision decision = manager.check(authentication, object);
if (decision != null && !decision.isGranted()) {
if (decision == null) {
continue;
}
if (!decision.isGranted()) {
return decision;
}
decisions.add(decision);
}
if (decisions.isEmpty()) {
return new AuthorizationDecision(true);
}
return new CompositeAuthorizationDecision(true, decisions);
};
}
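Review bot: In `allOf`, the new `decisions.isEmpty()` branch returns `new AuthorizationDecision(true)`, so a composition whose delegates all abstain (or that is built with no managers) grants access, whereas `anyOf` denies in the same case. That fail-open default is easy to miss when an abstaining manager is the only one that applies to a request, and the method Javadoc is outside the hunk, so it is not visible whether this is documented. I would state it in the `allOf` Javadoc and mark the branch with a comment such as `// every delegate abstained: allOf grants by default; add a non-abstaining manager if denial is required`. If a fail-closed default is wanted instead, that would change behaviour for existing callers and probably needs to be opt-in.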
Expand Up @@ -36,12 +36,14 @@ void checkAnyOfWhenOneGrantedThenGrantedDecision() {
assertThat(decision.isGranted()).isTrue();
}

// gh-13069
@Test
void checkAnyOfWhenOneAbstainedThenAbstainedDecision() {
void checkAnyOfWhenAllNonAbstainingDeniesThenDeniedDecision() {
AuthorizationManager<?> composed = AuthorizationManagers.anyOf((a, o) -> new AuthorizationDecision(false),
(a, o) -> null);
AuthorizationDecision decision = composed.check(null, null);
assertThat(decision).isNull();
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isFalse();
}

@Test
Expand All @@ -61,8 +63,9 @@ void checkAllOfWhenAllGrantedThenGrantedDecision() {
assertThat(decision.isGranted()).isTrue();
}

// gh-13069
@Test
void checkAllOfWhenOneAbstainedThenGrantedDecision() {
void checkAllOfWhenAllNonAbstainingGrantsThenGrantedDecision() {
AuthorizationManager<?> composed = AuthorizationManagers.allOf((a, o) -> new AuthorizationDecision(true),
(a, o) -> null);
AuthorizationDecision decision = composed.check(null, null);
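Review bot: Neither changed test reaches the new `decisions.isEmpty()` branches in `anyOf` and `allOf`, because both pair one abstaining manager (`(a, o) -> null`) with one that returns a decision. Those branches decide the outcome when every delegate abstains, including the grant from `allOf`, so they deserve their own tests to stop a later change to the default passing unnoticed. Other tests in the file are outside the hunks, so this may already be covered elsewhere. The body of `checkAllOfWhenAllNonAbstainingGrantsThenGrantedDecision` also continues past the end of the second hunk.

```java
// … unchanged: existing anyOf/allOf tests …

@Test
void checkAnyOfWhenAllAbstainThenDeniedDecision() {
	AuthorizationManager<?> composed = AuthorizationManagers.anyOf((a, o) -> null, (a, o) -> null);
	AuthorizationDecision decision = composed.check(null, null);
	assertThat(decision).isNotNull();
	assertThat(decision.isGranted()).isFalse();
}

@Test
void checkAllOfWhenAllAbstainThenGrantedDecision() {
	AuthorizationManager<?> composed = AuthorizationManagers.allOf((a, o) -> null, (a, o) -> null);
	AuthorizationDecision decision = composed.check(null, null);
	assertThat(decision).isNotNull();
	assertThat(decision.isGranted()).isTrue();
}
```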