is_subset + tests

aleph-im · Jul 3, 2023 · c8dd21c · c8dd21c
1 parent e4e6a1a
commit c8dd21c
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 22 deletions.
diff --git a/src/aleph/db/models/permissions.py b/src/aleph/db/models/permissions.py
@@ -69,17 +69,16 @@ def extends(self, other: "BasePermissionDb") -> bool:
             and self.granted_by == other.granted_by
             and self.address == other.address
             and self.channel == other.channel
-            and other.valid_from <= self.valid_until
+            and self.valid_from <= other.valid_until
         )
 
-    def is_reduced_subset(self, other: "BasePermissionDb") -> bool:
+    def is_subset(self, other: "BasePermissionDb") -> bool:
         return (
             self.type == other.type
             and self.owner == other.owner
             and self.granted_by == other.granted_by
             and self.address == other.address
-            and self.channel == other.channel
-            and
+            and (self.channel == other.channel or other.channel is None)
         )
 
     def __hash__(self):
@@ -116,12 +115,23 @@ def extends(self, other: BasePermissionDb) -> bool:
             and self.create == other.create
             and self.update == other.update
             and self.delete == other.delete
-            and tuple(self.refs) == tuple(other.refs)
-            and tuple(self.addresses) == tuple(other.addresses)
+            and tuple(self.refs or []) == tuple(other.refs or [])
+            and tuple(self.addresses or []) == tuple(other.addresses or [])
         )
 
-    def is_reduced_subset(self, other: BasePermissionDb) -> bool:
-        return
+    def is_subset(self, other: BasePermissionDb) -> bool:
+        return (
+            super().is_subset(other)
+            and isinstance(other, CrudPermissionDb)
+            and (other.create or self.create == other.create)
+            and (other.update or self.update == other.update)
+            and (other.delete or self.delete == other.delete)
+            and (other.refs is None or (set(self.refs or []) & set(other.refs)))
+            and (
+                other.addresses is None
+                or (set(self.addresses or []) & set(other.addresses))
+            )
+        )
 
 
 class AggregatePermissionDb(CrudPermissionDb):
@@ -141,7 +151,13 @@ def extends(self, other: BasePermissionDb) -> bool:
         return (
             super().extends(other)
             and isinstance(other, PostPermissionDb)
-            and tuple(self.post_types) == tuple(other.post_types)
+            and tuple(self.post_types or []) == tuple(other.post_types or [])
+        )
+
+    def is_subset(self, other: BasePermissionDb) -> bool:
+        return super().is_subset(other) and (
+            other.post_types is None
+            or (set(self.post_types or []) & set(other.post_types))
         )
 
 

diff --git a/src/aleph/handlers/content/permission.py b/src/aleph/handlers/content/permission.py
@@ -78,7 +78,7 @@ def _get_permission_diff(
         for current_permission in current_permissions:
             if new_permission.extends(current_permission):
                 permissions_to_keep.add(current_permission)
-            elif new_permission.is_reduced_subset(current_permission):
+            elif new_permission.is_subset(current_permission):
                 if current_permission.children:
                     for child in current_permission.children:
                         if not child.is_subset(new_permission):

diff --git a/tests/db/test_permission_comparisons.py b/tests/db/test_permission_comparisons.py
@@ -5,21 +5,101 @@
 import datetime as dt
 
 
-POST_PERMISSION = PostPermissionDb(
-    owner="0xdeadbeef",
-    granted_by="0xdeadbeef",
-    address="0xbadbabe",
-    type=PermissionType.POST.value,
-    valid_from=dt.datetime(2023, 1, 1, tzinfo=dt.timezone.utc),
-    valid_until="infinity",
-    post_type=None,
+@pytest.fixture
+def post_permission() -> PostPermissionDb:
+    return PostPermissionDb(
+        owner="0xdeadbeef",
+        granted_by="0xdeadbeef",
+        address="0xbadbabe",
+        type=PermissionType.POST.value,
+        valid_from=dt.datetime(2023, 1, 1, tzinfo=dt.timezone.utc),
+        valid_until=dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc),
+        create=False,
+        update=True,
+        delete=True,
+        refs=[
+            "8fb44c62d7d8c19bd46bdb823e6f148f9b922214a255aca4957f9455c32a5bd3",
+            "186c2a082fa6bc5385515159d10fbb30426ece7e33dab004a1960c66adefdb1d",
+        ],
+        post_types=["my-posts", "my-db"],
+        channel="TEST",
+    )
+
+
+@pytest.fixture
+def post_permission_delete_everything() -> PostPermissionDb:
+    return PostPermissionDb(
+        owner="0xdeadbeef",
+        granted_by="0xdeadbeef",
+        address="0xbadbabe",
+        type=PermissionType.POST.value,
+        valid_from=dt.datetime(2023, 1, 1, tzinfo=dt.timezone.utc),
+        valid_until=dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc),
+        create=False,
+        update=False,
+        delete=True,
+        post_types=None,
+        channel=None,
+    )
+
+
+@pytest.fixture
+def post_permission_do_everything() -> PostPermissionDb:
+    return PostPermissionDb(
+        owner="0xdeadbeef",
+        granted_by="0xdeadbeef",
+        address="0xbadbabe",
+        type=PermissionType.POST.value,
+        valid_from=dt.datetime(2023, 1, 1, tzinfo=dt.timezone.utc),
+        valid_until=dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc),
+        create=True,
+        update=True,
+        delete=True,
+        post_types=None,
+        channel=None,
+    )
+
+
+@pytest.mark.parametrize(
+    "fixture_name", ["post_permission", "post_permission_do_everything"]
 )
+def test_permissions_extends(fixture_name: str, request):
+    old_permission: BasePermissionDb = request.getfixturevalue(fixture_name)
+    new_permission = copy.deepcopy(old_permission)
+
+    new_permission.valid_from = dt.datetime(2024, 1, 1, tzinfo=dt.timezone.utc)
+    new_permission.valid_until = dt.datetime(2025, 1, 1, tzinfo=dt.timezone.utc)
+    assert new_permission.extends(old_permission)
+
+    new_permission.valid_from = dt.datetime(2027, 1, 1, tzinfo=dt.timezone.utc)
+    new_permission.valid_until = dt.datetime(2028, 1, 1, tzinfo=dt.timezone.utc)
+    assert not new_permission.extends(old_permission)
 
 
 @pytest.mark.parametrize(
-    "permission_1,permission_2", [(POST_PERMISSION, POST_PERMISSION)]
+    "fixture_name",
+    [
+        "post_permission",
+        "post_permission_do_everything",
+        "post_permission_delete_everything",
+    ],
 )
-def test_permissions_equal(
-    permission_1: BasePermissionDb, permission_2: BasePermissionDb
+def test_permission_is_subset_self(fixture_name: str, request):
+    permission: BasePermissionDb = request.getfixturevalue(fixture_name)
+    assert permission.is_subset(permission)
+
+
+def test_permission_is_subset_post(
+    post_permission: PostPermissionDb,
+    post_permission_do_everything: PostPermissionDb,
+    post_permission_delete_everything: PostPermissionDb,
 ):
-    assert permission_1 == permission_2
+    assert post_permission.is_subset(post_permission_do_everything)
+    assert not post_permission_do_everything.is_subset(post_permission)
+
+    assert post_permission_delete_everything.is_subset(post_permission_do_everything)
+    assert not post_permission_do_everything.is_subset(
+        post_permission_delete_everything
+    )
+    assert not post_permission_delete_everything.is_subset(post_permission)
+    assert not post_permission.is_subset(post_permission_delete_everything)