fix: Fixed state resource and state machine validation.

wmfs · Mar 21, 2019 · d4ca83e · d4ca83e
1 parent be2aee9
commit d4ca83e
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 10 deletions.
diff --git a/lib/blueprints/rbac-blueprint/state-machines/rbac-create-role.json b/lib/blueprints/rbac-blueprint/state-machines/rbac-create-role.json
@@ -8,6 +8,12 @@
     "CreateRole": {
       "Type": "Task",
       "Resource": "module:createRole",
+      "Parameters": {
+        "roleId.$": "$.formData.roleId",
+        "label.$": "$.formData.label",
+        "description.$": "$.formData.description",
+        "inherits.$": "$.formData.inherits"
+      },
       "ResultPath": null,
       "End": true
     }
@@ -21,4 +27,4 @@
       ]
     }
   ]
-}
+}
diff --git a/lib/blueprints/rbac-blueprint/state-machines/rbac-grant-state-machine-permission.json b/lib/blueprints/rbac-blueprint/state-machines/rbac-grant-state-machine-permission.json
@@ -8,6 +8,11 @@
     "Grant": {
       "Type": "Task",
       "Resource": "module:grantPermission",
+      "Parameters": {
+        "roleId.$": "$.formData.roleId",
+        "stateMachine.$": "$.formData.stateMachineName",
+        "action.$": "$.formData.action"
+      },
       "ResultPath": null,
       "End": true
     }
@@ -21,4 +26,4 @@
       ]
     }
   ]
-}
+}
diff --git a/lib/components/state-resources/create-role/schema.j2119 b/lib/components/state-resources/create-role/schema.j2119
@@ -1 +1,5 @@
-This document specifies a JSON object called a "PermissionsTree Resource Config".
+This document specifies a JSON object called a "New Role".
+A New Role MUST have a string field named "roleId".
+A New Role MAY have a string field named "label".
+A New Role MAY have a string field named "description".
+A New Role MAY have a string-array field named "inherits".
diff --git a/lib/components/state-resources/grant-permission/index.js b/lib/components/state-resources/grant-permission/index.js
@@ -5,9 +5,9 @@ class GrantPermission {
   }
 
   async run (event, context) {
-    const { roleId, stateMachineName } = event
+    const { roleId, stateMachine } = event
 
-    if (!roleId || !stateMachineName || !event.action) {
+    if (!roleId || !stateMachine || !event.action) {
       return context.sendTaskFailure({
         error: 'GrantPermission',
         cause: new Error('GrantPermission needs roleId, stateMachineName, and action')
@@ -17,7 +17,7 @@ class GrantPermission {
     const actions = Array.isArray(event.action) ? event.action : [ event.action ]
 
     for (const action of actions) {
-      await this.rbacAdmin.grantPermission(roleId, 'stateMachine', stateMachineName, action)
+      await this.rbacAdmin.grantPermission(roleId, 'stateMachine', stateMachine, action)
     }
 
     context.sendTaskSuccess()

diff --git a/lib/components/state-resources/grant-permission/schema.j2119 b/lib/components/state-resources/grant-permission/schema.j2119
@@ -1 +1,4 @@
-This document specifies a JSON object called a "PermissionsTree Resource Config".
+This document specifies a JSON object called a "Permission Grant".
+A Permission Grant MUST have a string field named "roleId".
+A Permission Grant MUST have a string field named "stateMachine".
+A Permission Grant MUST have a string-array field named "action".
diff --git a/lib/components/state-resources/list-roles/schema.j2119 b/lib/components/state-resources/list-roles/schema.j2119
diff --git a/lib/components/state-resources/permissions-tree/schema.j2119 b/lib/components/state-resources/permissions-tree/schema.j2119
diff --git a/lib/components/state-resources/refresh-permissions/schema.j2119 b/lib/components/state-resources/refresh-permissions/schema.j2119