RebacServiceImpl: inject default properties

kamu-data · Jan 17, 2025 · db7bf39 · db7bf39
1 parent bfb5e89
commit db7bf39
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 7 deletions.
diff --git a/src/adapter/auth-oso-rebac/tests/tests/test_oso_dataset_authorizer.rs b/src/adapter/auth-oso-rebac/tests/tests/test_oso_dataset_authorizer.rs
@@ -144,6 +144,11 @@ impl DatasetAuthorizerHarness {
                 .add_value(predefined_accounts_config)
                 .add::<PredefinedAccountsRegistrator>()
                 .add::<kamu_auth_rebac_services::RebacServiceImpl>()
+                .add_value(kamu_auth_rebac_services::DefaultAccountProperties { is_admin: false })
+                .add_value(kamu_auth_rebac_services::DefaultDatasetProperties {
+                    allows_anonymous_read: false,
+                    allows_public_read: false,
+                })
                 .add::<kamu_auth_rebac_services::MultiTenantRebacDatasetLifecycleMessageConsumer>()
                 .add::<InMemoryRebacRepository>()
                 .add_builder(

diff --git a/src/adapter/graphql/tests/tests/test_gql_datasets.rs b/src/adapter/graphql/tests/tests/test_gql_datasets.rs
@@ -825,6 +825,11 @@ impl GraphQLDatasetsHarness {
                 .bind::<dyn AuthenticationService, MockAuthenticationService>()
                 .add::<auth::AlwaysHappyDatasetActionAuthorizer>()
                 .add::<RebacServiceImpl>()
+                .add_value(kamu_auth_rebac_services::DefaultAccountProperties { is_admin: false })
+                .add_value(kamu_auth_rebac_services::DefaultDatasetProperties {
+                    allows_anonymous_read: false,
+                    allows_public_read: false,
+                })
                 .add::<InMemoryRebacRepository>();
 
             if tenancy_config == TenancyConfig::MultiTenant {

diff --git a/src/app/cli/src/app.rs b/src/app/cli/src/app.rs
@@ -496,6 +496,11 @@ pub fn configure_base_catalog(
     b.add::<DatabaseTransactionRunner>();
 
     b.add::<kamu_auth_rebac_services::RebacServiceImpl>();
+    b.add_value(kamu_auth_rebac_services::DefaultAccountProperties { is_admin: false });
+    b.add_value(kamu_auth_rebac_services::DefaultDatasetProperties {
+        allows_anonymous_read: false,
+        allows_public_read: false,
+    });
 
     b.add::<kamu_adapter_flight_sql::SessionAuthAnonymous>();
     b.add::<kamu_adapter_flight_sql::SessionManagerCaching>();

diff --git a/src/domain/auth-rebac/domain/src/services/rebac_service.rs b/src/domain/auth-rebac/domain/src/services/rebac_service.rs
@@ -103,7 +103,7 @@ pub trait RebacService: Send + Sync {
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-#[derive(Debug, Default)]
+#[derive(Debug, Clone)]
 pub struct AccountProperties {
     pub is_admin: bool,
 }
@@ -120,7 +120,7 @@ impl AccountProperties {
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-#[derive(Debug, Default)]
+#[derive(Debug, Clone)]
 pub struct DatasetProperties {
     pub allows_anonymous_read: bool,
     pub allows_public_read: bool,

diff --git a/src/domain/auth-rebac/services/src/rebac_service_impl.rs b/src/domain/auth-rebac/services/src/rebac_service_impl.rs
@@ -42,15 +42,30 @@ use opendatafabric as odf;
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
+pub type DefaultAccountProperties = AccountProperties;
+pub type DefaultDatasetProperties = DatasetProperties;
+
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
 pub struct RebacServiceImpl {
     rebac_repo: Arc<dyn RebacRepository>,
+    default_account_properties: Arc<DefaultAccountProperties>,
+    default_dataset_properties: Arc<DefaultDatasetProperties>,
 }
 
 #[component(pub)]
 #[interface(dyn RebacService)]
 impl RebacServiceImpl {
-    pub fn new(rebac_repo: Arc<dyn RebacRepository>) -> Self {
-        Self { rebac_repo }
+    pub fn new(
+        rebac_repo: Arc<dyn RebacRepository>,
+        default_account_properties: Arc<DefaultAccountProperties>,
+        default_dataset_properties: Arc<DefaultDatasetProperties>,
+    ) -> Self {
+        Self {
+            rebac_repo,
+            default_account_properties,
+            default_dataset_properties,
+        }
     }
 }
 
@@ -103,13 +118,14 @@ impl RebacService for RebacServiceImpl {
             .await
             .int_err()?;
 
+        let default_account_properties = (*self.default_account_properties).clone();
         let account_properties = entity_properties
             .into_iter()
             .map(|(name, value)| match name {
                 PropertyName::Dataset(_) => unreachable!(),
                 PropertyName::Account(account_property_name) => (account_property_name, value),
             })
-            .fold(AccountProperties::default(), |mut acc, (name, value)| {
+            .fold(default_account_properties, |mut acc, (name, value)| {
                 acc.apply(name, &value);
                 acc
             });
@@ -180,13 +196,14 @@ impl RebacService for RebacServiceImpl {
             .await
             .int_err()?;
 
+        let default_dataset_properties = (*self.default_dataset_properties).clone();
         let dataset_properties = entity_properties
             .into_iter()
             .map(|(name, value)| match name {
                 PropertyName::Dataset(dataset_property_name) => (dataset_property_name, value),
                 PropertyName::Account(_) => unreachable!(),
             })
-            .fold(DatasetProperties::default(), |mut acc, (name, value)| {
+            .fold(default_dataset_properties, |mut acc, (name, value)| {
                 acc.apply(name, &value);
                 acc
             });
@@ -210,9 +227,10 @@ impl RebacService for RebacServiceImpl {
             .int_err()?;
 
         let mut dataset_properties_map = HashMap::new();
+        let default_dataset_properties = (*self.default_dataset_properties).clone();
 
         for dataset_id in dataset_ids {
-            dataset_properties_map.insert(dataset_id.clone(), DatasetProperties::default());
+            dataset_properties_map.insert(dataset_id.clone(), default_dataset_properties.clone());
         }
 
         let entity_properties_it =

diff --git a/...-rebac/services/tests/tests/test_multi_tenant_rebac_dataset_lifecycle_message_consumer.rs b/...-rebac/services/tests/tests/test_multi_tenant_rebac_dataset_lifecycle_message_consumer.rs
@@ -191,6 +191,11 @@ impl MultiTenantRebacDatasetLifecycleMessageConsumerHarness {
         catalog_builder
             .add::<MultiTenantRebacDatasetLifecycleMessageConsumer>()
             .add::<RebacServiceImpl>()
+            .add_value(kamu_auth_rebac_services::DefaultAccountProperties { is_admin: false })
+            .add_value(kamu_auth_rebac_services::DefaultDatasetProperties {
+                allows_anonymous_read: false,
+                allows_public_read: false,
+            })
             .add::<InMemoryRebacRepository>();
 
         let catalog = catalog_builder.build();