Skip to content
New issue

Have a question about this project?Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to ourterms of serviceand privacy statement.We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oso does not support Kotlin data classes #1655

Open
brizzbuzzopened this issue Dec 15, 2022 · 1 comment
Open

Oso does not support Kotlin data classes #1655

brizzbuzzopened this issue Dec 15, 2022 · 1 comment

Comments

@brizzbuzz
Copy link

Hey 👋 Finally getting around to trialing Oso as an auth solution for a Kotlin application that I'm building.

However, it seems that Oso does not support Kotlin data classes:( Or, as is always possible... I'm just doing something dumb

I am trying to emulate the Java quickstart example, with a User trying to read from a repository.

I have the following models

data classRepo(
valid:UUID,
valname:String,
valisPublic:Boolean
)

data classUser(
valid:UUID,
valemail:String,
valrepoRoles:List<RepoRole>
)

I have set up OSO with the following

privatevaloso:Oso=Oso()

init{
//On a tangent... it doesn't seem to even load
//unless I explicitly repeat the class name as the second param
oso.registerClass(Repo::class.java,"Repo")
oso.registerClass(User::class.java,"User")
oso.loadStr(
"""
allow(actor, action, resource) if
has_permission(actor, action, resource);

actor User {}

resource Repo {
permissions = [ "read", "push", "delete" ];
roles = [ "contributor", "maintainer", "admin" ];

"read" if "contributor";
"push" if "maintainer";
"delete" if "admin";

"maintainer" if "admin";
"contributor" if "maintainer";
}

# This rule tells Oso how to fetch roles for a Repo
has_role(actor: User, role_name: String, Repo: Repo) if
role in actor.repoRoles and
role_name = role.name and
Repo = role.Repo;

has_permission(_actor: User, "read", Repo: Repo) if
Repo.isPublic;

allow(actor, action, resource) if
has_permission(actor, action, resource);
""".trimIndent()
)
}

Just as a test, I have created a repo withisPublic=truewith nametest.However, when I run the following

funreadByName(name:String):RepoModels.Response{
valresult=Repo(
id=UUID.randomUUID(),
name=name,
isPublic=true
)
valuser=User(
id=UUID.randomUUID(),
email="[email protected]",
repoRoles=listOf(RepoRole(role="admin",repo=result))
)
oso.authorize(user,"read",result)
returnRepoModels.Response.fromRepo(result)
}

I get an authorization error from oso

com.osohq.oso.Exceptions$NotFoundException: Oso NotFoundException -- The current user does not have permission to read the given resource. You should handle this error by returning a 404 error to the client.
at com.osohq.oso.Oso.authorize(Oso.java:110)
at com.osohq.oso.Oso.authorize(Oso.java:118)
at io.bkbn.sourdough.api.service.RepoService.readByName(RepoService.kt:81)
//...

If it helps, I have pushed all of this code to a repohttps://github /bkbnio/oso-pocInstructions in the README for how to run the app. If you have any issues with getting it set up just let me know:)

You can emulate this error by running GETlocalhost:8080/repo?name=test
@wcurrie wcurrie mentioned this issue Jan 14, 2023
Closed
@wcurrie
Copy link

wcurrie commented Jan 14, 2023

Out of curiosity I tried making this work in#1662.

Seems to work with some to the repo

Index: api/src/main/kotlin/io/bkbn/sourdough/api/service/RepoService.kt
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/api/src/main/kotlin/io/bkbn/sourdough/api/service/RepoService.kt b/api/src/main/kotlin/io/bkbn/sourdough/api/service/RepoService.kt
--- a/api/src/main/kotlin/io/bkbn/sourdough/api/service/RepoService.kt (revision e4e856f304b1c09de9f2cdcdb658dce59deffab5)
+++ b/api/src/main/kotlin/io/bkbn/sourdough/api/service/RepoService.kt (date 1673734442646)
@@ -35,10 +35,10 @@
}

# This rule tells Oso how to fetch roles for a Repo
-has_role(actor: User, role_name: String, Repo: Repo) if
+has_role(actor: User, role_name: String, repo: Repo) if
role in actor.repoRoles and
-role_name = role.name and
-Repo = role.Repo;
+role_name = role.role and
+repo = role.repo;

has_permission(_actor: User, "read", Repo: Repo) if
Repo.isPublic;
Index: api/build.gradle.kts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/api/build.gradle.kts b/api/build.gradle.kts
--- a/api/build.gradle.kts (revision e4e856f304b1c09de9f2cdcdb658dce59deffab5)
+++ b/api/build.gradle.kts (date 1673734519566)
@@ -41,7 +41,7 @@
implementation( "org.jetbrains.kotlinx:kotlinx-datetime:0.4.0" )

// Auth
-implementation( "com.osohq:oso:0.26.4" )
+implementation( "com.osohq:oso:0.26.5-SNAPSHOT" )
}

testing {

image

I used this test for faster feedback:

packageio.bkbn.sourdough.api.service

importorg.junit.jupiter.api.Assertions.*
importorg.junit.jupiter.api.Test

internalclassRepoServiceTest{
@Test
internalfun`can read by name`() {
valresponse=RepoService.readByName("foo")
assertEquals("foo",response.name)
}
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wcurrie @brizzbuzz