From aa864de1acfe91b6771a4e343e9e07ee9afb2a6e Mon Sep 17 00:00:00 2001 From: Tim Holm Date: Mon, 13 Nov 2023 10:52:17 +1100 Subject: [PATCH] Ensure at least one permission when calling allow. --- nitric/resources/buckets.py | 4 ++-- nitric/resources/collections.py | 4 ++-- nitric/resources/queues.py | 4 ++-- nitric/resources/secrets.py | 4 ++-- nitric/resources/topics.py | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/nitric/resources/buckets.py b/nitric/resources/buckets.py index 9215b27..6f7be68 100644 --- a/nitric/resources/buckets.py +++ b/nitric/resources/buckets.py @@ -69,9 +69,9 @@ def _perms_to_actions(self, *args: BucketPermission) -> List[int]: def _to_resource(self) -> Resource: return Resource(name=self.name, type=ResourceType.Bucket) # type:ignore - def allow(self, *args: BucketPermission) -> BucketRef: + def allow(self, perm: BucketPermission, *args: BucketPermission) -> BucketRef: """Request the required permissions for this resource.""" - str_args = [str(permission) for permission in args] + str_args = [str(perm)] + [str(permission) for permission in args] self._register_policy(*str_args) return Storage().bucket(self.name) diff --git a/nitric/resources/collections.py b/nitric/resources/collections.py index 029bc22..e13291d 100644 --- a/nitric/resources/collections.py +++ b/nitric/resources/collections.py @@ -67,10 +67,10 @@ def _perms_to_actions(self, *args: CollectionPermission) -> List[int]: return [action for perm in args for action in permission_actions_map[perm]] - def allow(self, *args: CollectionPermission) -> CollectionRef: + def allow(self, perm: CollectionPermission, *args: CollectionPermission) -> CollectionRef: """Request the required permissions for this collection.""" # Ensure registration of the resource is complete before requesting permissions. - str_args = [str(permission) for permission in args] + str_args = [str(perm)] + [str(permission) for permission in args] self._register_policy(*str_args) return Documents().collection(self.name) diff --git a/nitric/resources/queues.py b/nitric/resources/queues.py index c31e143..87dc733 100644 --- a/nitric/resources/queues.py +++ b/nitric/resources/queues.py @@ -65,10 +65,10 @@ async def _register(self) -> None: except GRPCError as grpc_err: raise exception_from_grpc_error(grpc_err) - def allow(self, *args: QueuePermission) -> QueueRef: + def allow(self, perm: QueuePermission, *args: QueuePermission) -> QueueRef: """Request the required permissions for this queue.""" # Ensure registration of the resource is complete before requesting permissions. - str_args = [str(permission) for permission in args] + str_args = [str(perm)] + [str(permission) for permission in args] self._register_policy(*str_args) return Queues().queue(self.name) diff --git a/nitric/resources/secrets.py b/nitric/resources/secrets.py index b6028cf..4fa2496 100644 --- a/nitric/resources/secrets.py +++ b/nitric/resources/secrets.py @@ -66,9 +66,9 @@ def _perms_to_actions(self, *args: SecretPermission) -> List[int]: return [action for perm in args for action in permissions_actions_map[perm]] - def allow(self, *args: SecretPermission) -> SecretContainerRef: + def allow(self, perm: SecretPermission, *args: SecretPermission) -> SecretContainerRef: """Request the specified permissions to this resource.""" - str_args = [str(permission) for permission in args] + str_args = [str(perm)] + [str(permission) for permission in args] self._register_policy(*str_args) return Secrets().secret(self.name) diff --git a/nitric/resources/topics.py b/nitric/resources/topics.py index a0f7441..f60cf20 100644 --- a/nitric/resources/topics.py +++ b/nitric/resources/topics.py @@ -63,9 +63,9 @@ def _perms_to_actions(self, *args: TopicPermission) -> List[int]: return [action for perm in args for action in _permMap[perm]] - def allow(self, *args: TopicPermission) -> TopicRef: + def allow(self, perm: TopicPermission, *args: TopicPermission) -> TopicRef: """Request the specified permissions to this resource.""" - str_args = [str(permission) for permission in args] + str_args = [perm] + [str(permission) for permission in args] self._register_policy(*str_args) return Events().topic(self.name)