From c0f3561e4458baf15983425c64cb1d5550fdf6f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?rogger=20andr=C3=A9=20valverde=20flores?=
Date: Sat, 10 Apr 2021 22:02:56 -0500
Subject: [PATCH] fix(evaluate): using context in instantiation in IdentityBasedPolicy and ResourceBasedPolicy fix #43
---
 src/IdentityBasedPolicy.test.ts | 20 +++++++++++++++++---
 src/IdentityBasedPolicy.ts | 4 ++--
 src/ResourceBasedPolicy.test.ts | 30 ++++++++++++++++++++++++------
 src/ResourceBasedPolicy.ts | 4 ++--
 4 files changed, 45 insertions(+), 13 deletions(-)
diff --git a/src/IdentityBasedPolicy.test.ts b/src/IdentityBasedPolicy.test.ts
index 991fb12..c586232 100644
--- a/src/IdentityBasedPolicy.test.ts
+++ b/src/IdentityBasedPolicy.test.ts
@@ -229,19 +229,33 @@ describe('IdentityBasedPolicy Class', () => {
 describe('when match based on context', () => {
 it('returns true or false', () => {
- const policy = new IdentityBasedPolicy({
+ const policy = new IdentityBasedPolicy>({
 statements: [
 {
 resource: ['secrets:${user.id}:*'],
 action: ['read', 'write']
 },
 {
+ effect: 'deny',
 resource: ['secrets:${user.bestFriends}:*'],
 action: 'read'
 }
- ]
+ ],
+ context: { user: { id: 124 } }
 });
+ expect(
+ policy.evaluate({
+ action: 'read',
+ resource: 'secrets:124:code'
+ })
+ ).toBe(true);
+ expect(
+ policy.evaluate({
+ action: 'read',
+ resource: 'secrets:123:code'
+ })
+ ).toBe(false);
 expect(
 policy.evaluate({
 action: 'read',
@@ -268,7 +282,7 @@ describe('IdentityBasedPolicy Class', () => {
 action: 'read',
 resource: 'secrets:563:secret',
 context: {
- user: { id: 456, bestFriends: [123, 563, 1211] }
+ user: { id: 563, bestFriends: [123, 1211] }
 }
 })
 ).toBe(true);
diff --git a/src/IdentityBasedPolicy.ts b/src/IdentityBasedPolicy.ts
index 7b630f4..9486f2c 100644
--- a/src/IdentityBasedPolicy.ts
+++ b/src/IdentityBasedPolicy.ts
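Review bot: The assertions added in the `@@ -229,19 +229,33 @@` hunk of src/IdentityBasedPolicy.test.ts never exercise the statement that was just switched to `effect: 'deny'` through the constructor context, because the instance context `{ user: { id: 124 } }` carries no `bestFriends`. The deny path is where a wrong or missing context would fail open, so it deserves its own case: construct the policy with an instance context in which one resource matches both statements (for illustration, `context: { user: { id: 124, bestFriends: [124] } }`) and assert that `policy.evaluate({ action: 'read', resource: 'secrets:124:code' })` is `false`, assuming deny takes precedence over allow. The `@@ -473,13 +473,31 @@` hunk of src/ResourceBasedPolicy.test.ts has the same gap: `secrets:125:code` is presumably refused because no allow statement matches it, not because the deny on `bestFriends: [563]` was applied. Both `it` blocks continue outside the hunks, so an assertion that is not visible here may already cover part of this.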
@@ -71,7 +71,7 @@ export class IdentityBasedPolicy extends Policy<
 s.matches({
 action,
 resource,
- context,
+ context: context || this.context,
 conditionResolver: this.conditionResolver
 })
 );
@@ -85,7 +85,7 @@ export class IdentityBasedPolicy extends Policy<
 s.matches({
 action,
 resource,
- context,
+ context: context || this.context,
 conditionResolver: this.conditionResolver
 })
 );
diff --git a/src/ResourceBasedPolicy.test.ts b/src/ResourceBasedPolicy.test.ts
index 94aedc1..cc3671c 100644
--- a/src/ResourceBasedPolicy.test.ts
+++ b/src/ResourceBasedPolicy.test.ts
@@ -465,7 +465,7 @@ describe('ResourceBasedPolicy Class', () => {
 describe('when match based on context', () => {
 it('returns true or false', () => {
- const policy = new ResourceBasedPolicy({
+ const policy = new ResourceBasedPolicy>({
 statements: [
 {
 principal: { id: 'rogger' },
@@ -473,13 +473,31 @@ describe('ResourceBasedPolicy Class', () => {
 action: ['read', 'write']
 },
 {
+ effect: 'deny',
 principal: { id: 'rogger' },
 resource: ['secrets:${user.bestFriends}:*'],
 action: 'read'
 }
- ]
+ ],
+ context: { user: { id: 124, bestFriends: [563] } }
 });
+ expect(
+ policy.evaluate({
+ principal: 'rogger',
+ action: 'read',
+ resource: 'secrets:124:code',
+ principalType: 'id'
+ })
+ ).toBe(true);
+ expect(
+ policy.evaluate({
+ principal: 'rogger',
+ action: 'read',
+ resource: 'secrets:125:code',
+ principalType: 'id'
+ })
+ ).toBe(false);
 expect(
 policy.evaluate({
 principal: 'rogger',
@@ -502,7 +520,7 @@ describe('ResourceBasedPolicy Class', () => {
 policy.evaluate({
 principal: 'rogger',
 action: 'read',
- resource: 'secrets:123:topSecret',
+ resource: 'secrets:123:topSecret',
 principalType: 'id',
 context: { user: { id: 456 } }
 })
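Review bot: In src/IdentityBasedPolicy.ts (hunks `@@ -71,7 +71,7 @@` and `@@ -85,7 +85,7 @@`) the new `context: context || this.context` discards the constructor context wholesale whenever the caller passes any object, including `{}`, because every object is truthy. A call that supplies only part of the context, like the `context: { user: { id: 456 } }` case in the ResourceBasedPolicy test, therefore loses instance attributes such as `bestFriends`, and a deny statement templated on them can presumably no longer match. If override is the intended contract, say so at both call sites and in the `evaluate` docs, for example `// a per-call context replaces (does not merge with) the context given to the constructor`; if attributes fixed at construction are meant to be enforced on every call, the two contexts need to be combined rather than chosen between. The same expression is added in src/ResourceBasedPolicy.ts (`@@ -85,7 +85,7 @@` and `@@ -107,7 +107,7 @@`), and the enclosing methods start and end outside all four hunks.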
@@ -511,10 +529,10 @@ describe('ResourceBasedPolicy Class', () => {
 policy.evaluate({
 principal: 'rogger',
 action: 'read',
- resource: 'secrets:563:sshhh',
+ resource: 'secrets:563:topSecret',
 principalType: 'id',
 context: {
- user: { id: 456, bestFriends: [123, 563, 1211] }
+ user: { id: 563, bestFriends: [123, 1211] }
 }
 })
 ).toBe(true);
@@ -522,7 +540,7 @@ describe('ResourceBasedPolicy Class', () => {
 policy.evaluate({
 principal: 'rogger',
 action: 'write',
- resource: 'secrets:123:sshhh'
+ resource: 'secrets:123:topSecret'
 })
 ).toBe(false);
 });
diff --git a/src/ResourceBasedPolicy.ts b/src/ResourceBasedPolicy.ts
index b40c086..ca994b0 100644
--- a/src/ResourceBasedPolicy.ts
+++ b/src/ResourceBasedPolicy.ts
@@ -85,7 +85,7 @@ export class ResourceBasedPolicy extends Policy<
 action,
 resource,
 principalType,
- context,
+ context: context || this.context,
 conditionResolver: this.conditionResolver
 })
 );
@@ -107,7 +107,7 @@ export class ResourceBasedPolicy extends Policy<
 action,
 resource,
 principalType,
- context,
+ context: context || this.context,
 conditionResolver: this.conditionResolver
 })
 );
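Review bot: The fallback `context || this.context` is spelled out separately at each `matches` call in src/ResourceBasedPolicy.ts (`@@ -85,7 +85,7 @@` and `@@ -107,7 +107,7 @@`), so the two sites can drift apart if only one is edited later. In an authorization decision that would mean the two checks are evaluated against different contexts. Resolving it once, `const effectiveContext = context || this.context;`, and passing `context: effectiveContext` at both sites keeps them identical by construction. Whether both calls sit in one method or in two is not visible because the hunks cut through the enclosing bodies; if they are separate methods, a small private helper that returns the effective context would serve the same purpose.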