From 07ed07c38af38d9936d38a841bff06c5dfa0bb7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eray=20=C3=96zcan?=
Date: Thu, 4 Jul 2024 15:50:28 +0200
Subject: [PATCH] feat: introduce known_types check
Refs #128128
---
 src/elody/policies/permission_handler.py | 14 ++++++++++----
 src/elody/policies/tenant_id_resolver.py | 4 +++-
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/elody/policies/permission_handler.py b/src/elody/policies/permission_handler.py
index d4c40a9..1a0631e 100644
--- a/src/elody/policies/permission_handler.py
+++ b/src/elody/policies/permission_handler.py
@@ -47,7 +47,7 @@ def handle_single_item_request(
 ):
 try:
 item_in_storage_format, flat_item, object_lists, restrictions_schema = (
- __prepare_item_for_permission_check(item, permissions, crud)
+ __prepare_item_for_permission_check(item, permissions, crud, user_context)
 )
 is_allowed_to_crud_item = (
@@ -87,7 +87,9 @@ def __post_request_hook(response):
 flat_item,
 object_lists,
 restrictions_schema,
- ) = __prepare_item_for_permission_check(item, permissions, "read")
+ ) = __prepare_item_for_permission_check(
+ item, permissions, "read", user_context
+ )
 if not flat_item:
 continue
@@ -111,9 +113,13 @@ def __post_request_hook(response):
 return __post_request_hook
-def __prepare_item_for_permission_check(item, permissions, crud):
+def __prepare_item_for_permission_check(item, permissions, crud, user_context):
 item = deepcopy(item.get("storage_format", item))
- if item.get("type", "") not in permissions[crud].keys():
+ known_types = user_context.bag.get("known_types")
+ type = item.get("type", "")
+ if (type not in permissions[crud].keys()) or (
+ known_types is not None and type not in known_types
+ ):
 return item, None, None, None
 config = get_object_configuration_mapper().get(item["type"])
diff --git a/src/elody/policies/tenant_id_resolver.py b/src/elody/policies/tenant_id_resolver.py
index 3ebb078..0d5bf17 100644
--- a/src/elody/policies/tenant_id_resolver.py
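Review bot: In `__prepare_item_for_permission_check`, a type that is not in `known_types` takes the same early return as a type without permissions (`return item, None, None, None`), and the caller visible in `__post_request_hook` answers that with `if not flat_item: continue`, so such an item is skipped without its restrictions being evaluated. Whether a skipped item is dropped from the response or passed through is outside the hunk; for an authorization filter the unknown-type case should fail closed, so that is worth confirming in both callers. The new check is also inactive whenever `user_context.bag.get("known_types")` returns `None`, which deserves a comment like `# no known_types in the bag: type filtering is off, only permissions[crud] applies`. The local name `type` shadows the builtin; `item_type = item.get("type", "")` avoids that. The function body continues past the end of the hunk.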
+++ b/src/elody/policies/tenant_id_resolver.py
@@ -316,7 +316,9 @@ def get_tenant_id(self, request: Request) -> str | None:
 regex.match(r"^/mediafiles/(.+)$", request.path)
 and request.method == "DELETE"
 ):
- raise Exception(self._get_tenant_id_from_mediafile(request.view_args.get("id")))
+ raise Exception(
+ self._get_tenant_id_from_mediafile(request.view_args.get("id"))
+ )
 return self._get_tenant_id_from_mediafile(request.view_args.get("id"))
 return None
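Review bot: The `raise Exception(...)` in the `DELETE` `/mediafiles/<id>` branch of `get_tenant_id` is only re-wrapped by this commit, yet it raises a bare `Exception` whose message is the resolved tenant id, and the `return self._get_tenant_id_from_mediafile(request.view_args.get("id"))` after it looks unreachable if it sits in the same branch (the indentation is not recoverable from this page). That reads like leftover debugging: tenant resolution for mediafile deletion would always fail, and the tenant id would end up in whatever error response or log handles the exception. If that is the case, drop the `raise` and keep the `return`; the function starts before the hunk, so the intent should be confirmed against the full body.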