Project: Edison

Publisher: bu2

Access Control

The backend provides Public/Private/Role-based/ACL access control

Background

Given: client accepts JSON

Scenarios

Bob can access his data only
John can not list private objects from Bob
John can not get a private object from Bob
John can not insert and override a private object from Bob
John can not modify and override a private object from Bob
John can not mutate and override a private object from Bob
John can not delete a private object from Bob
John can not find private objects from Bob
John can read objects from Bob only if he has read permission
John can update objects from Bob only if he has read/write permission
Even if he has read/write permision, John must not be able to modify permissions of objects from Bob

Bob can access his data only

Given

the system only knows those Buildings:

_id	label	level	_owner
541816f042e7d8204d000001	Town Hall	3	[email protected]
541816f042e7d8204d000002	Army Camp	3	[email protected]
541816f042e7d8204d000003	Gold Mine	3	[email protected]

And

client is authenticated as Bob

When

client requests GET /api/buildings

Then

response status should be 200

And

response body should be JSON:

[ { "_id" : "541816f042e7d8204d000001", "label" : "Town Hall", "level" : 3, "_owner" : "[email protected]" },
{ "_id" : "541816f042e7d8204d000003", "label" : "Gold Mine", "level" : 3, "_owner" : "[email protected]" } ]

John can not list private objects from Bob

Given

the system only knows those Buildings:

_id	label	level	_owner
541816f042e7d8204d000001	Town Hall	3	[email protected]
541816f042e7d8204d000002	Army Camp	3	[email protected]
541816f042e7d8204d000003	Gold Mine	3	[email protected]

And

client is authenticated as John

When

client requests GET /api/buildings

Then

response status should be 200

And

response body should be JSON:

[ ]

John can not get a private object from Bob

Given

the system knows this Building JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "Town Hall",
  "level": 3,
  "_owner": "[email protected]" }

And

client is authenticated as John

When

client requests GET /api/buildings/541816f042e7d8204d000001

Then

response status should be 422

And

response body should be JSON:

{ "status": "Unprocessable Entity",
  "message": "Object with _id 541816f042e7d8204d000001 not found." }

John can not insert and override a private object from Bob

Given

the system knows this Building JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "Town Hall",
  "level": 3,
  "_owner": "[email protected]" }

And

client is authenticated as John

When

client requests POST /api/buildings with JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

When

client requests POST /api/buildings with JSON:

{ "label": "John's Town Hall",
  "level": 999,
  "_owner": "[email protected]" }

Then

response status should be 422

John can not modify and override a private object from Bob

Given

the system knows this Building JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "Town Hall",
  "level": 3,
  "_owner": "[email protected]" }

And

client is authenticated as John

When

client requests PUT /api/buildings/541816f042e7d8204d000001 with JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

When

client requests PUT /api/buildings/541816f042e7d8204d000001 with JSON:

{ "label": "John's Town Hall",
  "level": 999,
  "_owner": "[email protected]" }

Then

response status should be 422

When

client requests PUT /api/buildings/541816f042e7d8204d000001 with JSON:

{ "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

John can not mutate and override a private object from Bob

Given

the system knows this Building JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "Town Hall",
  "level": 3,
  "_owner": "[email protected]" }

And

client is authenticated as John

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "label": "John's Town Hall",
  "level": 999,
  "_owner": "[email protected]" }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

John can not delete a private object from Bob

Given

the system knows this Building JSON:

{ "_id": "541816f042e7d8204d000001",
  "label": "Town Hall",
  "level": 3,
  "_owner": "[email protected]" }

And

client is authenticated as John

When

client requests DELETE /api/buildings/541816f042e7d8204d000001

Then

response status should be 422

John can not find private objects from Bob

Given

the system only knows those Buildings:

_id	label	level	_owner
541816f042e7d8204d000001	Town Hall	3	[email protected]
541816f042e7d8204d000002	Army Camp	3	[email protected]
541816f042e7d8204d000003	Gold Mine	3	[email protected]

And

client is authenticated as John

When

client requests POST /api/buildings/search with JSON:

{ }

Then

response status should be 200

And

response body should be JSON:

[ ]

When

client requests POST /api/buildings/search with JSON:

{ "level": 3 }

Then

response status should be 200

And

response body should be JSON:

[ ]

When

client requests POST /api/buildings/search with JSON:

{ "_id": "541816f042e7d8204d000001" }

Then

response status should be 422

When

client requests POST /api/buildings/search with JSON:

{ "_owner": "[email protected]" }

Then

response status should be 422

John can read objects from Bob only if he has read permission

Given

the system only knows those Buildings:

_id	label	level	_owner	_tags
541816f042e7d8204d000001	Town Hall	3	[email protected]	[ ]
541816f042e7d8204d000002	Army Camp	3	[email protected]	[ { "_targets" : [ "[email protected]", "someoneelse" ], "_permissions" : [ { "_read" : true } ] } ]
541816f042e7d8204d000003	Gold Mine	3	[email protected]	[ { "_targets" : [ "foo", "[email protected]", "bar" ], "_permissions" : [ { "_read" : true } ] } ]

And

client is authenticated as John

When

client requests GET /api/buildings

Then

response status should be 200

And

response body should be JSON:

[ { "_id" : "541816f042e7d8204d000002", "label" : "Army Camp", "level" : 3, "_owner" : "[email protected]", "_tags" : [ { "_targets" : [ "[email protected]", "someoneelse" ], "_permissions" : [ { "_read" : true } ] } ] },
{ "_id" : "541816f042e7d8204d000003", "label" : "Gold Mine", "level" : 3, "_owner" : "[email protected]", "_tags" : [ { "_targets" : [ "[email protected]" ], "_permissions" : [ { "_read" : true } ] } ] } ]

When

client requests GET /api/buildings/541816f042e7d8204d000003

Then

response status should be 200

And

response body should be JSON:

{ "_id" : "541816f042e7d8204d000003", 
  "label" : "Gold Mine",
  "level" : 3,
  "_owner" : "[email protected]",
  "_tags" : [ { "_targets" : [ "[email protected]" ], "_permissions" : [ { "_read" : true } ] } ] }

When

client requests POST /api/buildings/search with JSON: { "level": 3 }

Then

response status should be 200

And

response body should be JSON:

[ { "_id" : "541816f042e7d8204d000002", "label" : "Army Camp", "level" : 3, "_owner" : "[email protected]", "_tags" : [ { "_targets" : [ "[email protected]", "someoneelse" ], "_permissions" : [ { "_read" : true } ] } ] },
{ "_id" : "541816f042e7d8204d000003", "label" : "Gold Mine", "level" : 3, "_owner" : "[email protected]", "_tags" : [ { "_targets" : [ "[email protected]" ], "_permissions" : [ { "_read" : true } ] } ] } ]

John can update objects from Bob only if he has read/write permission

Given

the system only knows those Buildings:

_id	label	level	_owner	_tags
541816f042e7d8204d000001	Town Hall	3	[email protected]	[ { "_targets" : [ "foo", "[email protected]" ], "_permissions" : [ { "_read" : true}, {"_write": false} ] } ]
541816f042e7d8204d000002	Army Camp	3	[email protected]	[ { "_targets" : [ "[email protected]", "someoneelse" ], "_permissions" : [ { "_read" : true } ] } ]
541816f042e7d8204d000003	Gold Mine	3	[email protected]	[ { "_targets" : [ "[email protected]", "bar" ], "_permissions" : [ { "_read" : true}, {"_write": true} ] } ]

And

client is authenticated as John

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000003 with JSON:

{ "label": "John's Town Hall",
  "level": 999 }

Then

response status should be 200

And

response body should be JSON:

{ "status": "ok" }

Even if he has read/write permision, John must not be able to modify permissions of objects from Bob

Given

the system only knows those Buildings:

_id	label	level	_owner	_tags
541816f042e7d8204d000001	Town Hall	3	[email protected]	[ { "_targets" : [ "foo", "[email protected]" ], "_permissions" : [ {"_read" : true}, {"_write": false} ] } ]
541816f042e7d8204d000002	Army Camp	3	[email protected]	[ { "_targets" : [ "[email protected]", "someoneelse" ], "_permissions" : [ {"_read": true} ] } ]
541816f042e7d8204d000003	Gold Mine	3	[email protected]	[ { "_targets" : [ "[email protected]", "bar" ], "_permissions" : [ {"_read" : true}, {"_write": true} ] } ]

And

client is authenticated as John

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "_owner": "[email protected]" }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000001 with JSON:

{ "_tags": [{ "_targets": ["[email protected]"], "_permissions": [ {"_read": true}, {"_write": true} ] }] }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000003 with JSON:

{ "_owner": "[email protected]" }

Then

response status should be 422

When

client requests PATCH /api/buildings/541816f042e7d8204d000003 with JSON:

{ "_tags": [{ "_targets": ["[email protected]", "[email protected]"], "_permissions": [ {"_read": true}, {"_write": true} ] }] }

Then

response status should be 422

Last published about 6 years ago by Bruno Le Hyaric.

Access Control

Edison settings