这是indexloc提供的服务,不要输入任何密码
Skip to content

refactor: modify DSL rules to support new structure #1605

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 19, 2024
Merged

refactor: modify DSL rules to support new structure #1605

merged 2 commits into from
Sep 19, 2024

Conversation

@tolgaozen
Copy link
Member

@tolgaozen tolgaozen commented Sep 19, 2024
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Simplified permission checks by directly referencing context data attributes.
    • Enhanced flexibility in weekday checks by allowing a list of valid weekdays.

  • Bug Fixes

    • Improved robustness and maintainability of the permission logic.

  • Documentation

    • Updated documentation to reflect changes in permission logic and rule definitions, including modifications to the organization and content entities.

@coderabbitai
Copy link

coderabbitai bot commented Sep 19, 2024
edited
Loading

Walkthrough

The changes involve modifications to rule definitions and permission logic across multiple files. Key alterations include simplifying the parameters of rules such as check_region and check_ip_range, which now rely solely on context data instead of external inputs. Additionally, permission checks for various entities have been updated to directly reference context attributes, enhancing the overall structure and consistency of the access control logic.

Changes

Files Change Summary
assets/example-shapes/disney-plus.yaml Modified check_region rule to remove region parameter, retaining only allowed_region.
docs/getting-started/modeling.mdx Updated view permission to reference ip_range directly; modified check_ip_range rule to remove ip parameter, retaining only ip_range.
docs/use-cases/abac.mdx Refactored permission checks for view, withdraw, and delete to use context attributes; simplified rule definitions for check_ip_range, check_location, and check_age. Modified is_weekday rule to accept a list of valid weekdays.
internal/engines/entityFilter.go Added a check for entrances being nil in EntityFilter method; modified parameters passed to engine.lt method.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant System
    participant Context

    User->>System: Request access
    System->>Context: Check context attributes
    Context-->>System: Return attributes
    System->>System: Evaluate permissions using context
    System-->>User: Grant or deny access
Loading

🐇 In the meadow, changes sprout,
Rules refined, no doubt about!
Context now leads the way,
Simplified paths, come what may.
Permissions clear, logic tight,
Hopping forward, all feels right! 🌼

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between dcb7594 and aabf008.

Files selected for processing (1)
  • internal/engines/entityFilter.go (2 hunks)
Additional comments not posted (2)
internal/engines/entityFilter.go (2)

69-71: LGTM!

The check for nil entrances is a valid optimization to prevent unnecessary processing when there are no linked entrances. Returning nil aligns with the function's return type.

90-90: Verify the impact of the context change.

The change from ctx to cont suggests a shift in the context being used for the execution of the lt method. Please ensure that this change does not introduce any unintended side effects or alter the expected behavior of the lt method.

Verification successful

Context change appears consistent with codebase usage

The change from ctx to cont in the engine.lt call is consistent with the usage of cont throughout the internal/engines/entityFilter.go file. The cont context is initialized using errgroup.WithContext(cctx) and is used consistently in various method calls within this file, including relationEntrance, attributeEntrance, and tupleToUserSetEntrance. This pattern aligns with the usage of cont in other parts of the codebase, such as in pkg/development/development.go and pkg/cmd/validate.go.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of the `cont` context in the `lt` method.

# Test: Search for the declaration and usage of the `cont` context. 
# Expect: The `cont` context should be properly initialized and used consistently.
rg --type go $'cont :=|cont,'

Length of output: 1502

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share
Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    -- I pushed a fix in commit <commit_id>, please review it.
    -- Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    -- @coderabbitai generate unit testing code for this file.
    -- @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    -- @coderabbitai read src/utils.ts and generate unit testing code.
    -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Sep 19, 2024
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b00a2af and dcb7594.

Files selected for processing (3)
  • assets/example-shapes/disney-plus.yaml (1 hunks)
  • docs/getting-started/modeling.mdx (1 hunks)
  • docs/use-cases/abac.mdx (13 hunks)
Additional comments not posted (13)
assets/example-shapes/disney-plus.yaml (1)

48-50: Verify the rule invocations are updated to match the new signature.

The rule signature and body changes look good. The updated rule signature is simpler and more consistent with the rule body, which directly accesses the context's region data.

However, please ensure that all invocations of the check_region rule are updated to remove the region argument, as this is a breaking change.

Run the following script to verify the rule usage:

Verification successful

Rule invocations correctly updated to match the new signature

The verification process confirms that all occurrences of the check_region rule in the codebase are consistent with the new signature. The rule is correctly defined with a single allowed_region parameter, and its usage in the action view definition also matches this updated signature.

No further actions are required regarding the check_region rule update.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all invocations of the `check_region` rule match the new signature.

# Test: Search for the rule usage. Expect: Only occurrences of the new signature.
rg --type yaml -A 5 $'check_region'

Length of output: 786

docs/use-cases/abac.mdx (12)

90-94: LGTM!

The changes simplify the permission definition by directly referencing the ip_range attribute in the check_ip_range rule. The overall permission logic remains the same.

137-141: LGTM!

The changes simplify the permission definition by directly referencing the location attribute in the check_location rule. Using the current_location from the context data ensures consistency in how the location is determined.

161-167: LGTM!

The changes simplify the permission definition by directly referencing the min_age attribute in the check_age rule. Using the age from the context data ensures consistency in how the age is determined.

188-192: LGTM!

The changes simplify the permission definition by directly referencing the balance attribute in the check_balance rule. Using the amount from the context data ensures consistency in how the withdrawal amount is determined.

Line range hint 253-266: LGTM!

The changes simplify the permission definition by directly referencing the valid_weekdays attribute in the is_weekday rule. Using the day_of_week from the context data ensures consistency in how the day is determined. The valid_weekdays attribute allows for flexibility in defining valid days for each organization.

277-282: LGTM!

The request keys for the organization.view permission check are consistent with the changes made to the is_weekday rule and the view permission. The keys correctly reference the valid_weekdays attribute and the member relation.

299-303: Skipped

This code segment is a duplicate of the previous one. No further comments are necessary.

321-326: LGTM!

The request keys for the account.withdraw permission check are consistent with the changes made to the check_balance rule and the withdraw permission. The keys correctly reference the balance attribute and the owner relation.

402-406: Skipped

This code segment is a duplicate of the previous one. No further comments are necessary.

418-418: LGTM!

The example context data includes the relevant attributes (ip_address and day_of_week) used in the permission rules. This allows for flexibility in defining the necessary context for each permission check.

536-539: More context needed

The code snippet defines a delete permission that relies on the is_weekday rule and the valid_weekdays attribute. However, the complete context of the entity and the valid_weekdays attribute definition is missing. Please provide the surrounding code for a more comprehensive review.
[incomplete_context]

561-565: LGTM!

The attribute and permission definitions for the repository entity are well-structured and provide appropriate access control:

  • The is_public attribute determines public visibility of the repository.
  • The edit permission maintains consistency with the related organization's view permission.
  • The delete permission utilizes the is_weekday rule with the valid_weekdays attribute to restrict deletion to specific

docs/getting-started/modeling.mdx
attribute ip_range string[]
permission view = check_ip_range(request.ip, ip_range) or admin
permission view = check_ip_range(ip_range) or admin
Copy link

@coderabbitai coderabbitai bot Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

Update test files and documentation for consistency with check_ip_range changes

The simplification of the check_ip_range function has been successfully implemented in most of the codebase. However, there are some inconsistencies that need to be addressed:

  1. Test files still use the old signature:

    • internal/storage/memory/schemaReader_test.go
    • internal/storage/postgres/schemaReader_test.go

  2. Mixed usage in documentation:

    • docs/use-cases/abac.mdx contains both old and new signatures

To ensure consistency and prevent potential errors, please:

  • Update the test files to use the new check_ip_range signature with a single parameter.
  • Revise docs/use-cases/abac.mdx to consistently use the new signature throughout the document.

These changes will align all parts of the codebase with the simplified check_ip_range implementation.

Analysis chain

Simplification of the view permission logic looks good!

The change leverages the context data directly for the IP address, simplifying the permission check.

Please ensure the following:

  1. Verify that the IP address is consistently available in the context data.
  2. Run the following script to identify and update any remaining invocations of check_ip_range with the old signature:
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all invocations of `check_ip_range` have been updated to the new signature.

# Test: Search for the old usage pattern. Expect: No results.
rg --type perm -A 5 $'check_ip_range\(.*,.*\)'

Length of output: 76

Script:

#!/bin/bash
# Description: Verify all invocations of `check_ip_range` have been updated to the new signature.

# Search for potential old usage patterns of check_ip_range
echo "Searching for potential old usage patterns of check_ip_range:"
rg -n -C 3 'check_ip_range\s*\([^)]+,[^)]+\)' 

# Search for all occurrences of check_ip_range to compare
echo -e "\nSearching for all occurrences of check_ip_range:"
rg -n -C 3 'check_ip_range'

Length of output: 11020

docs/getting-started/modeling.mdx
Comment on lines +351 to +352
rule check_ip_range(ip_range string[]) {
context.data.ip in ip_range
Copy link

@coderabbitai coderabbitai bot Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

Inconsistent usage of check_ip_range detected across the codebase

The verification process has revealed that the check_ip_range function is not consistently updated throughout the codebase. While some instances use the new single-parameter signature, others still use the old two-parameter version. This inconsistency needs to be addressed to ensure proper functionality and maintain code coherence.

Please update the following:

  1. Test files:
    • internal/storage/postgres/schemaReader_test.go
    • internal/storage/memory/schemaReader_test.go
  2. Documentation:
    • docs/use-cases/abac.mdx

When updating these files, ensure that:

  • The function signature is changed to check_ip_range(ip_range string[]).
  • Any calls to check_ip_range are updated to use only the ip_range parameter.
  • The function body uses context.data.ip instead of a passed ip parameter.

After making these changes, thoroughly test the affected components to ensure no functionality is broken.

Analysis chain

Encapsulation enhancement of the check_ip_range rule looks good!

The rule now directly leverages the context data for the IP address, enhancing encapsulation and simplifying the logic.

Please ensure the following:

  1. Verify that the IP address is consistently available under context.data.ip.
  2. Run the following script to identify and update any remaining invocations of check_ip_range with the old signature:
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all invocations of `check_ip_range` have been updated to the new signature.

# Test: Search for the old usage pattern. Expect: No results.
rg --type perm -A 5 $'check_ip_range\(.*,.*\)'

Length of output: 76

Script:

#!/bin/bash
# Description: Verify all invocations of `check_ip_range` have been updated to the new signature and find all occurrences.

# Search for the old usage pattern (two or more arguments)
echo "Searching for old usage pattern of check_ip_range:"
rg 'check_ip_range\([^)]+,[^)]+\)'

# Search for all occurrences of check_ip_range
echo -e "\nAll occurrences of check_ip_range:"
rg 'check_ip_range'

# Use ast-grep to find function calls to check_ip_range
echo -e "\nFunction calls to check_ip_range using ast-grep:"
ast-grep --lang javascript --pattern 'check_ip_range($_)'

Length of output: 3274

@tolgaozen tolgaozen merged commit eb7066f into master Sep 19, 2024
@tolgaozen tolgaozen deleted the dsl-rules branch September 19, 2024 08:00
@coderabbitai coderabbitai bot mentioned this pull request Sep 19, 2024
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 3, 2024
Merged
@coderabbitai coderabbitai bot mentioned this pull request Feb 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tolgaozen