Fix regex in policies

inuits · Mar 28, 2024 · 8c1e195 · 8c1e195
1 parent 2074035
commit 8c1e195
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 6 deletions.
diff --git a/src/elody/policies/authorization/filter_generic_objects_policy.py b/src/elody/policies/authorization/filter_generic_objects_policy.py
@@ -20,7 +20,9 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not regex.match("^(/[^/]+)?/[^/]+/(filter|filter_v2)$", request.path):
+        if not regex.match(
+            "^(/[^/]+/v[0-9]+)?/[^/]+/(filter|filter_v2)$", request.path
+        ):
             return policy_context
 
         if not isinstance(user_context.access_restrictions.filters, list):

diff --git a/src/elody/policies/authorization/generic_object_detail_policy.py b/src/elody/policies/authorization/generic_object_detail_policy.py
@@ -22,7 +22,7 @@ def authorize(
     ):
         request: Request = request_context.http_request
         if not regex.match(
-            "^(/[^/]+)?/[^/]+/[^/]+$|^/ngsi-ld/v1/entities/[^/]+$", request.path
+            "^(/[^/]+/v[0-9]+)?/[^/]+/[^/]+$|^/ngsi-ld/v1/entities/[^/]+$", request.path
         ):
             return policy_context
 

diff --git a/src/elody/policies/authorization/generic_object_metadata_policy.py b/src/elody/policies/authorization/generic_object_metadata_policy.py
@@ -21,7 +21,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not regex.match("^(/[^/]+)?/[^/]+/[^/]+/metadata$", request.path):
+        if not regex.match("^(/[^/]+/v[0-9]+)?/[^/]+/[^/]+/metadata$", request.path):
             return policy_context
 
         view_args = request.view_args or {}

diff --git a/src/elody/policies/authorization/generic_object_relations_policy.py b/src/elody/policies/authorization/generic_object_relations_policy.py
@@ -21,7 +21,7 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not regex.match("^(/[^/]+)?/[^/]+/[^/]+/relations$", request.path):
+        if not regex.match("^(/[^/]+/v[0-9]+)?/[^/]+/[^/]+/relations$", request.path):
             return policy_context
 
         view_args = request.view_args or {}

diff --git a/src/elody/policies/authorization/generic_object_request_policy.py b/src/elody/policies/authorization/generic_object_request_policy.py
@@ -22,7 +22,9 @@ def authorize(
         self, policy_context: PolicyContext, user_context: UserContext, request_context
     ):
         request: Request = request_context.http_request
-        if not regex.match("^(/[^/]+)?/[^/]+$|^/ngsi-ld/v1/entities$", request.path):
+        if not regex.match(
+            "^(/[^/]+/v[0-9]+)?/[^/]+$|^/ngsi-ld/v1/entities$", request.path
+        ):
             return policy_context
 
         for role in user_context.x_tenant.roles:

diff --git a/src/elody/policies/authorization/tenant_request_policy.py b/src/elody/policies/authorization/tenant_request_policy.py
@@ -8,7 +8,7 @@
 class TenantRequestPolicy(BaseAuthorizationPolicy):
     def authorize(self, policy_context, user_context, request_context):
         request: Request = request_context.http_request
-        if not regex.match("^(/[^/]+)?/tenants$", request.path):
+        if not regex.match("^(/[^/]+/v[0-9]+)?/tenants$", request.path):
             return policy_context
 
         set_restricting_filter = True