Merge develop into master for release

Author: tradu0606

actions/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>io.em2m.sdk</groupId>
         <artifactId>em2m-java-sdk-pom</artifactId>
-        <version>2.91.0</version>
+        <version>2.92.0</version>
     </parent>
 
     <packaging>jar</packaging>

ext/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>io.em2m.sdk</groupId>
         <artifactId>em2m-java-sdk-pom</artifactId>
-        <version>2.91.0</version>
+        <version>2.92.0</version>
     </parent>
 
     <packaging>jar</packaging>

geo/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>io.em2m.sdk</groupId>
         <artifactId>em2m-java-sdk-pom</artifactId>
-        <version>2.91.0</version>
+        <version>2.92.0</version>
     </parent>
 
     <packaging>jar</packaging>

policy/pom.xml

@@ -25,7 +25,7 @@
     <parent>
         <groupId>io.em2m.sdk</groupId>
         <artifactId>em2m-java-sdk-pom</artifactId>
-        <version>2.91.0</version>
+        <version>2.92.0</version>
     </parent>
 
     <packaging>jar</packaging>

policy/src/main/java/io/em2m/policy/basic/BasicPolicyEngine.kt

@@ -13,11 +13,16 @@ class BasicPolicyEngine(policySource: PolicySource, val simplex: Simplex = Simpl
 
     override fun findAllowedActions(context: PolicyContext): List<String> {
         val roles = context.claims.roles.plus("anonymous").distinct()
-        val statements = statementsForRoles(roles)
+
+        val (allowedStatements, deniedStatements) = statementsForRoles(roles)
             .filter { testResource(it, context) }
             .filter { it.condition.call(context.map) }
-            .filter { it.effect == Effect.Allow }
-        return statements.flatMap { it.actions }.distinct()
+            .partition { it.effect == Effect.Allow }
+
+        val allowed = allowedStatements.flatMap { it.actions }.distinct()
+        val denied = deniedStatements.flatMap { it.actions }.distinct()
+
+        return allowed.filter { action -> action !in denied }
     }
 
     override fun isActionAllowed(actionName: String, context: PolicyContext): Boolean {

policy/src/test/data/policies/AccountFullAccess.json

@@ -30,6 +30,14 @@
             "fimanager"
           ]
         }
-      }}
+      }},
+    {
+      "effect": "Deny",
+      "actions": [
+        "ident:DeleteAccount"
+      ],
+      "resource": "em2m:ident:account:*",
+      "condition": true
+    }
   ]
 }

policy/src/test/data/roles/sales.json

@@ -10,6 +10,13 @@
         "feature:SalesRoleFeature"
       ],
       "resource": "em2m:ident:account:*"
+    },
+    {
+      "effect": "Deny",
+      "actions": [
+        "ident:ChangeMyPassword"
+      ],
+      "resource": "*"
     }
   ]
-}
+}

policy/src/test/java/io/em2m/policy/PolicyEngineTest.kt

@@ -37,6 +37,16 @@ class PolicyEngineTest : Assert() {
         println(allowed)
     }
 
+    @Test
+    fun testIsActionAllowedFalse() {
+        val claims = Claims(mapOf("sub" to "userid", "roles" to listOf("admin"), "exp" to Date(),
+            "features" to listOf("maintenance")))
+        val environment = Environment(emptyMap())
+        val resource = "em2m:ident:account:1234"
+        val isActionAllowed = policyEngine.isActionAllowed("ident:DeleteAccount", PolicyContext(claims, environment, resource))
+        assertFalse(isActionAllowed)
+    }
+
     @Test
     @Ignore
     fun testAllowIfFeature() {
@@ -85,9 +95,23 @@ class PolicyEngineTest : Assert() {
     }
 
     @Test
-    @Ignore
     fun testDeny() {
-        error("Not implemented")
+        val claims = Claims(mapOf("sub" to "1234", "roles" to listOf("sales"), "exp" to Date()))
+        val environment = Environment(emptyMap())
+        val resource = "em2m:ident:account:1234"
+        val context = PolicyContext(claims, environment, resource)
+        val allowed = policyEngine.isActionAllowed("ident:ChangeMyPassword", context)
+        assertFalse(allowed)
+    }
+
+    @Test
+    fun testAllowedActionsFiltering() {
+        val claims = Claims(mapOf("sub" to "1234", "roles" to listOf("sales"), "exp" to Date()))
+        val environment = Environment(emptyMap())
+        val resource = "em2m:ident:account:1234"
+        val context = PolicyContext(claims, environment, resource)
+        val allowedActions = policyEngine.findAllowedActions(context)
+        assertFalse("ident:ChangeMyPassword" in allowedActions)
     }
 
     class ReportTypeKey : KeyHandlerSupport() {
@@ -111,4 +135,4 @@ class PolicyEngineTest : Assert() {
         }
     }
 
-}
+}

pom.xml

@@ -26,7 +26,7 @@
     <artifactId>em2m-java-sdk-pom</artifactId>
     <packaging>pom</packaging>
     <name>em2m-java-sdk-pom</name>
-    <version>2.91.0</version>
+    <version>2.92.0</version>
 
     <modules>
         <module>utils</module>

problem/pom.xml

@@ -25,12 +25,12 @@
     <parent>
         <groupId>io.em2m.sdk</groupId>
         <artifactId>em2m-java-sdk-pom</artifactId>
-        <version>2.91.0</version>
+        <version>2.92.0</version>
     </parent>
 
     <packaging>jar</packaging>
     <artifactId>em2m-java-sdk-problem</artifactId>
-    <version>2.91.0</version>
+    <version>2.92.0</version>
     <name>em2m-java-sdk-problem</name>
 
     <dependencies>