Fixes token update when non-partitioned policies change access rights…

…, related to TykTechnologies#1559 Adds test to cover TykTechnologies#1501 changes
DTLC3 · Mar 23, 2018 · ec62eba · ec62eba
1 parent 329c7fb
commit ec62eba
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/middleware.go b/middleware.go
@@ -254,7 +254,7 @@ func (t BaseMiddleware) ApplyPolicies(key string, session *user.SessionState) er
 			}
 
 			// ACL
-			session.AccessRights = policy.AccessRights
+			rights = policy.AccessRights
 			session.HMACEnabled = policy.HMACEnabled
 		}
 

diff --git a/policy_test.go b/policy_test.go
@@ -82,6 +82,9 @@ func TestApplyPolicies(t *testing.T) {
 			Partitions:   user.PolicyPartitions{Acl: true},
 			AccessRights: map[string]user.AccessDefinition{"b": {}},
 		},
+		"acl3": {
+			AccessRights: map[string]user.AccessDefinition{"c": {}},
+		},
 	}
 	policiesMu.RUnlock()
 	bmid := &BaseMiddleware{Spec: &APISpec{
@@ -186,6 +189,25 @@ func TestApplyPolicies(t *testing.T) {
 				}
 			},
 		},
+		{
+			"RightsUpdate", []string{"acl3"},
+			"", func(t *testing.T, s *user.SessionState) {
+				newPolicy := user.Policy{
+					AccessRights: map[string]user.AccessDefinition{"a": {}, "b": {}, "c": {}},
+				}
+				policiesMu.Lock()
+				policiesByID["acl3"] = newPolicy
+				policiesMu.Unlock()
+				err := bmid.ApplyPolicies("", s)
+				if err != nil {
+					t.Fatalf("couldn't apply policy: %s", err.Error())
+				}
+				want := newPolicy.AccessRights
+				if !reflect.DeepEqual(want, s.AccessRights) {
+					t.Fatalf("want %v got %v", want, s.AccessRights)
+				}
+			},
+		},
 	}
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-Original file line number
+Diff line change
@@ Expand Up @@
     			}
     			// ACL
-    			session.AccessRights = policy.AccessRights
+    			rights = policy.AccessRights
     			session.HMACEnabled = policy.HMACEnabled
     		}
@@ Expand Down @@