feat(authorization): first implementation to fix broken authz graph

ConduitPlatform · Sep 8, 2023 · abb0f97 · abb0f97
1 parent c72f481
commit abb0f97
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/modules/authorization/src/controllers/index.controller.ts b/modules/authorization/src/controllers/index.controller.ts
@@ -59,14 +59,9 @@ export class IndexController {
     for (const permission of permissions) {
       const roles = objectDefinition.permissions[permission];
       for (const role of roles) {
-        // no index needed for "allowAll" permissions
-        // or for self modification
-        if (role === '*' || role.indexOf('->') === -1) {
-          await this.createOrUpdateObject(
-            object + '#' + permission,
-            role === '*' ? `*` : `${object}#${role}`,
-          );
-        } else {
+        if (role.indexOf('->') === -1) {
+          await this.createOrUpdateObject(object + '#' + permission, `${object}#${role}`);
+        } else if (role !== '*') {
           const [relatedSubject, action] = role.split('->');
           if (relation !== relatedSubject) continue;
           const possibleConnections = await ObjectIndex.getInstance().findMany({
@@ -78,6 +73,17 @@ export class IndexController {
         }
       }
     }
+    const actors = await ActorIndex.getInstance().findMany({
+      subject: object,
+    });
+    if (actors.length === 0) return;
+    for (const actor of actors) {
+      await this.constructRelationIndex(
+        actor.subject,
+        actor.relation,
+        actor.entity.split('#')[0],
+      );
+    }
   }
 
   async removeRelation(subject: string, relation: string, object: string) {