From f6bae99e2bce6096932a4dc80c1cbef9908b3aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Can=20Berk=20G=C3=BCder?= Date: Tue, 11 Feb 2025 15:46:48 -0800 Subject: [PATCH] Fix exception in in-memory permission backend Fix an exception in the in-memory permission backend when user principles exist, and get_accessible_objects is called without bound permissions. Fixes #2687. --- kinto/core/permission/memory.py | 5 +++-- kinto/core/permission/testing.py | 6 ++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/kinto/core/permission/memory.py b/kinto/core/permission/memory.py index 5bc727999..5ed8424fc 100644 --- a/kinto/core/permission/memory.py +++ b/kinto/core/permission/memory.py @@ -98,8 +98,9 @@ def get_accessible_objects(self, principals, bound_permissions=None, with_childr candidates = [] if bound_permissions is None: for key, value in self._store.items(): - _, object_id, permission = key.split(":", 2) - candidates.append((object_id, permission, value)) + if key.startswith("permission:"): + _, object_id, permission = key.split(":", 2) + candidates.append((object_id, permission, value)) else: for pattern, perm in bound_permissions: id_match = ".*" if with_children else "[^/]+" diff --git a/kinto/core/permission/testing.py b/kinto/core/permission/testing.py index 7f276f6de..71ed742b4 100644 --- a/kinto/core/permission/testing.py +++ b/kinto/core/permission/testing.py @@ -344,6 +344,12 @@ def test_accessible_objects_without_match(self): ) self.assertEqual(sorted(per_object_ids.keys()), ["/url/a", "/url/a/id/1", "/url/a/id/2"]) + def test_accessible_objects_with_user_principle(self): + self.permission.add_user_principal("user1", "group") + self.permission.add_principal_to_ace("id1", "write", "user1") + per_object_ids = self.permission.get_accessible_objects(["user1"]) + self.assertEqual(sorted(per_object_ids.keys()), ["id1"]) + # # get_object_permissions() #