use super::cst;
use super::err::{
self, ParseError, ParseErrors, Ref, RefCreationError, ToASTError, ToASTErrorKind,
};
use super::loc::Loc;
use super::node::Node;
use super::unescape::{to_pattern, to_unescaped_string};
use crate::ast::{
self, ActionConstraint, CallStyle, EntityReference, EntityType, EntityUID,
ExprConstructionError, Integer, PatternElem, PolicySetError, PrincipalConstraint,
PrincipalOrResourceConstraint, ResourceConstraint,
};
use crate::est::extract_single_argument;
use itertools::Either;
use smol_str::SmolStr;
use std::cmp::Ordering;
use std::collections::{BTreeMap, HashSet};
use std::mem;
use std::sync::Arc;
struct ExtStyles<'a> {
functions: HashSet<&'a ast::Name>,
methods: HashSet<&'a str>,
}
lazy_static::lazy_static! {
static ref EXTENSION_STYLES: ExtStyles<'static> = load_styles();
}
fn load_styles() -> ExtStyles<'static> {
let mut functions = HashSet::new();
let mut methods = HashSet::new();
for func in crate::extensions::Extensions::all_available().all_funcs() {
match func.style() {
CallStyle::FunctionStyle => functions.insert(func.name()),
CallStyle::MethodStyle => methods.insert(func.name().basename().as_ref()),
};
}
ExtStyles { functions, methods }
}
impl Node<Option<cst::Policies>> {
pub fn with_generated_policyids(
&self,
) -> Option<impl Iterator<Item = (ast::PolicyID, &Node<Option<cst::Policy>>)>> {
let policies = self.as_inner()?;
Some(
policies
.0
.iter()
.enumerate()
.map(|(count, node)| (ast::PolicyID::from_string(format!("policy{count}")), node)),
)
}
pub fn to_policyset(&self, errs: &mut ParseErrors) -> Option<ast::PolicySet> {
let mut pset = ast::PolicySet::new();
let mut complete_set = true;
for (policy_id, policy) in self.with_generated_policyids()? {
match policy.to_policy_or_template(policy_id, errs) {
Some(Either::Right(template)) => {
if let Err(e) = pset.add_template(template) {
match e {
PolicySetError::Occupied { id } => {
errs.push(self.to_ast_err(ToASTErrorKind::DuplicateTemplateId(id)))
}
};
complete_set = false
}
}
Some(Either::Left(inline_policy)) => {
if let Err(e) = pset.add_static(inline_policy) {
match e {
PolicySetError::Occupied { id } => {
errs.push(self.to_ast_err(ToASTErrorKind::DuplicatePolicyId(id)))
}
};
complete_set = false
}
}
None => complete_set = false,
};
}
if complete_set {
Some(pset)
} else {
None
}
}
}
impl Node<Option<cst::Policy>> {
pub fn to_policy_or_template(
&self,
id: ast::PolicyID,
errs: &mut ParseErrors,
) -> Option<Either<ast::StaticPolicy, ast::Template>> {
let t = self.to_policy_template(id, errs)?;
if t.slots().count() == 0 {
ast::StaticPolicy::try_from(t).ok().map(Either::Left)
} else {
Some(Either::Right(t))
}
}
pub fn to_policy(
&self,
id: ast::PolicyID,
errs: &mut ParseErrors,
) -> Option<ast::StaticPolicy> {
let tp = self.to_policy_template(id, errs);
let policy = tp.map(ast::StaticPolicy::try_from);
let new_errs = errs
.iter()
.flat_map(|err| match err {
ParseError::ToAST(err) => match err.kind() {
ToASTErrorKind::SlotsInConditionClause { slot, .. } => Some(ToASTError::new(
ToASTErrorKind::UnexpectedTemplate { slot: slot.clone() },
err.source_loc().clone(),
)),
_ => None,
},
_ => None,
})
.collect::<Vec<_>>();
errs.extend(new_errs);
match policy {
Some(Err(ast::UnexpectedSlotError::FoundSlot(slot))) => {
errs.push(
self.to_ast_err(ToASTErrorKind::UnexpectedTemplate { slot: slot.into() }),
);
None
}
Some(Ok(p)) => Some(p),
None => None,
}
}
pub fn to_policy_template(
&self,
id: ast::PolicyID,
errs: &mut ParseErrors,
) -> Option<ast::Template> {
let policy = self.as_inner()?;
let maybe_effect = policy.effect.to_effect(errs);
let (annot_success, annotations) = policy.get_ast_annotations(errs);
let mut failure = !annot_success;
let (maybe_principal, maybe_action, maybe_resource) = policy.extract_head(errs);
let conds: Vec<_> = policy
.conds
.iter()
.filter_map(|c| {
let (e, is_when) = c.to_expr(errs)?;
for slot in e.slots() {
errs.push(c.to_ast_err(ToASTErrorKind::SlotsInConditionClause {
slot: (*slot).into(),
clausetype: if is_when { "when" } else { "unless" },
}));
}
Some(e)
})
.collect();
if conds.len() != policy.conds.len() {
failure = true
}
if failure || !errs.is_empty() {
return None;
};
let effect = maybe_effect?;
let principal = maybe_principal?;
let action = maybe_action?;
let resource = maybe_resource?;
Some(construct_template_policy(
id,
annotations,
effect,
principal,
action,
resource,
conds,
&self.loc,
))
}
}
impl cst::Policy {
pub fn extract_head(
&self,
errs: &mut ParseErrors,
) -> (
Option<PrincipalConstraint>,
Option<ActionConstraint>,
Option<ResourceConstraint>,
) {
let mut end_of_last_var = self.effect.loc.end();
let mut vars = self.variables.iter().peekable();
let principal = if let Some(head1) = vars.next() {
end_of_last_var = head1.loc.end();
head1.to_principal_constraint(errs)
} else {
errs.push(ToASTError::new(
ToASTErrorKind::MissingScopeConstraint(ast::Var::Principal),
self.effect.loc.span(end_of_last_var),
));
None
};
let action = if let Some(head2) = vars.next() {
end_of_last_var = head2.loc.end();
head2.to_action_constraint(errs)
} else {
errs.push(ToASTError::new(
ToASTErrorKind::MissingScopeConstraint(ast::Var::Action),
self.effect.loc.span(end_of_last_var),
));
None
};
let resource = if let Some(head3) = vars.next() {
head3.to_resource_constraint(errs)
} else {
errs.push(ToASTError::new(
ToASTErrorKind::MissingScopeConstraint(ast::Var::Resource),
self.effect.loc.span(end_of_last_var),
));
None
};
if vars.peek().is_some() {
for extra_var in vars {
if let Some(def) = extra_var.as_inner() {
errs.push(
extra_var.to_ast_err(ToASTErrorKind::ExtraHeadConstraints(def.clone())),
)
}
}
}
(principal, action, resource)
}
pub fn get_ast_annotations(&self, errs: &mut ParseErrors) -> (bool, ast::Annotations) {
let mut failure = false;
let mut annotations = BTreeMap::new();
for node in self.annotations.iter() {
match node.to_kv_pair(errs) {
Some((k, v)) => {
use std::collections::btree_map::Entry;
match annotations.entry(k) {
Entry::Occupied(oentry) => {
failure = true;
errs.push(ToASTError::new(
ToASTErrorKind::DuplicateAnnotation(oentry.key().clone()),
node.loc.clone(),
));
}
Entry::Vacant(ventry) => {
ventry.insert(v);
}
}
}
None => {
failure = true;
}
}
}
(!failure, annotations.into())
}
}
impl Node<Option<cst::Annotation>> {
pub fn to_kv_pair(&self, errs: &mut ParseErrors) -> Option<(ast::AnyId, ast::Annotation)> {
let anno = self.as_inner()?;
let maybe_key = anno.key.to_any_ident(errs);
let maybe_value = anno.value.as_valid_string(errs);
let maybe_value = match maybe_value.map(|s| to_unescaped_string(s)).transpose() {
Ok(maybe_value) => maybe_value,
Err(unescape_errs) => {
errs.extend(unescape_errs.into_iter().map(|e| self.to_ast_err(e)));
None
}
};
match (maybe_key, maybe_value) {
(Some(k), Some(v)) => Some((
k,
ast::Annotation {
val: v,
loc: Some(self.loc.clone()), },
)),
_ => None,
}
}
}
impl Node<Option<cst::Ident>> {
pub fn to_valid_ident(&self, errs: &mut ParseErrors) -> Option<ast::Id> {
let ident = self.as_inner()?;
match ident {
cst::Ident::If
| cst::Ident::True
| cst::Ident::False
| cst::Ident::Then
| cst::Ident::Else
| cst::Ident::In
| cst::Ident::Is
| cst::Ident::Has
| cst::Ident::Like => {
errs.push(self.to_ast_err(ToASTErrorKind::ReservedIdentifier(ident.clone())));
None
}
cst::Ident::Invalid(i) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidIdentifier(i.clone())));
None
}
_ => Some(ast::Id::new_unchecked(format!("{ident}"))),
}
}
pub fn to_any_ident(&self, errs: &mut ParseErrors) -> Option<ast::AnyId> {
let ident = self.as_inner()?;
match ident {
cst::Ident::Invalid(i) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidIdentifier(i.clone())));
None
}
_ => Some(ast::AnyId::new_unchecked(format!("{ident}"))),
}
}
pub(crate) fn to_effect(&self, errs: &mut ParseErrors) -> Option<ast::Effect> {
let effect = self.as_inner()?;
match effect {
cst::Ident::Permit => Some(ast::Effect::Permit),
cst::Ident::Forbid => Some(ast::Effect::Forbid),
_ => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidEffect(effect.clone())));
None
}
}
}
pub(crate) fn to_cond_is_when(&self, errs: &mut ParseErrors) -> Option<bool> {
let cond = self.as_inner()?;
match cond {
cst::Ident::When => Some(true),
cst::Ident::Unless => Some(false),
_ => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidCondition(cond.clone())));
None
}
}
}
fn to_var(&self, errs: &mut ParseErrors) -> Option<ast::Var> {
let ident = self.as_inner()?;
match ident {
cst::Ident::Principal => Some(ast::Var::Principal),
cst::Ident::Action => Some(ast::Var::Action),
cst::Ident::Resource => Some(ast::Var::Resource),
ident => {
errs.push(
self.to_ast_err(ToASTErrorKind::InvalidScopeConstraintVariable(
ident.clone(),
)),
);
None
}
}
}
}
impl ast::Id {
fn to_meth(
&self,
e: ast::Expr,
mut args: Vec<ast::Expr>,
errs: &mut ParseErrors,
loc: &Loc,
) -> Option<ast::Expr> {
match self.as_ref() {
"contains" => extract_single_argument(args.into_iter(), "contains", loc)
.map(|arg| construct_method_contains(e, arg, loc.clone()))
.map_err(|err| errs.push(err))
.ok(),
"containsAll" => extract_single_argument(args.into_iter(), "containsAll", loc)
.map(|arg| construct_method_contains_all(e, arg, loc.clone()))
.map_err(|err| errs.push(err))
.ok(),
"containsAny" => extract_single_argument(args.into_iter(), "containsAny", loc)
.map(|arg| construct_method_contains_any(e, arg, loc.clone()))
.map_err(|err| errs.push(err))
.ok(),
id => {
if EXTENSION_STYLES.methods.contains(&id) {
args.insert(0, e);
Some(construct_ext_meth(id.to_string(), args, loc.clone()))
} else {
let unqual_name = ast::Name::unqualified_name(self.clone());
if EXTENSION_STYLES.functions.contains(&unqual_name) {
errs.push(ToASTError::new(
ToASTErrorKind::MethodCallOnFunction(unqual_name.id),
loc.clone(),
));
} else {
errs.push(ToASTError::new(
ToASTErrorKind::InvalidMethodName(id.to_string()),
loc.clone(),
));
}
None
}
}
}
}
}
#[derive(Debug)]
enum PrincipalOrResource {
Principal(PrincipalConstraint),
Resource(ResourceConstraint),
}
impl Node<Option<cst::VariableDef>> {
fn to_principal_constraint(&self, errs: &mut ParseErrors) -> Option<PrincipalConstraint> {
match self.to_principal_or_resource_constraint(ast::Var::Principal, errs)? {
PrincipalOrResource::Principal(p) => Some(p),
PrincipalOrResource::Resource(_) => {
errs.push(self.to_ast_err(ToASTErrorKind::IncorrectVariable {
expected: ast::Var::Principal,
got: ast::Var::Resource,
}));
None
}
}
}
fn to_resource_constraint(&self, errs: &mut ParseErrors) -> Option<ResourceConstraint> {
match self.to_principal_or_resource_constraint(ast::Var::Resource, errs)? {
PrincipalOrResource::Principal(_) => {
errs.push(self.to_ast_err(ToASTErrorKind::IncorrectVariable {
expected: ast::Var::Resource,
got: ast::Var::Principal,
}));
None
}
PrincipalOrResource::Resource(r) => Some(r),
}
}
fn to_principal_or_resource_constraint(
&self,
expected: ast::Var,
errs: &mut ParseErrors,
) -> Option<PrincipalOrResource> {
let vardef = self.as_inner()?;
let var = vardef.variable.to_var(errs)?;
if let Some(unused_typename) = vardef.unused_type_name.as_ref() {
unused_typename.to_type_constraint(errs)?;
}
let c = if let Some((op, rel_expr)) = &vardef.ineq {
let eref = rel_expr.to_ref_or_slot(errs, var)?;
match (op, &vardef.entity_type) {
(cst::RelOp::Eq, None) => Some(PrincipalOrResourceConstraint::Eq(eref)),
(cst::RelOp::Eq, Some(_)) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidIs(
err::InvalidIsError::WrongOp(cst::RelOp::Eq),
)));
None
}
(cst::RelOp::In, None) => Some(PrincipalOrResourceConstraint::In(eref)),
(cst::RelOp::In, Some(entity_type)) => Some(PrincipalOrResourceConstraint::IsIn(
entity_type.to_expr_or_special(errs)?.into_name(errs)?,
eref,
)),
(cst::RelOp::InvalidSingleEq, _) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidSingleEq));
None
}
(op, _) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidConstraintOperator(*op)));
None
}
}
} else if let Some(entity_type) = &vardef.entity_type {
Some(PrincipalOrResourceConstraint::Is(
entity_type.to_expr_or_special(errs)?.into_name(errs)?,
))
} else {
Some(PrincipalOrResourceConstraint::Any)
}?;
match var {
ast::Var::Principal => {
Some(PrincipalOrResource::Principal(PrincipalConstraint::new(c)))
}
ast::Var::Resource => Some(PrincipalOrResource::Resource(ResourceConstraint::new(c))),
got => {
errs.push(self.to_ast_err(ToASTErrorKind::IncorrectVariable { expected, got }));
None
}
}
}
fn to_action_constraint(&self, errs: &mut ParseErrors) -> Option<ast::ActionConstraint> {
let vardef = self.as_inner()?;
match vardef.variable.to_var(errs) {
Some(ast::Var::Action) => Some(()),
Some(got) => {
errs.push(self.to_ast_err(ToASTErrorKind::IncorrectVariable {
expected: ast::Var::Action,
got,
}));
None
}
None => None,
}?;
if let Some(typename) = vardef.unused_type_name.as_ref() {
typename.to_type_constraint(errs)?;
}
if vardef.entity_type.is_some() {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidIs(err::InvalidIsError::ActionScope)));
return None;
}
let action_constraint = if let Some((op, rel_expr)) = &vardef.ineq {
let refs = rel_expr.to_refs(errs, ast::Var::Action)?;
match (op, refs) {
(cst::RelOp::In, OneOrMultipleRefs::Multiple(euids)) => {
Some(ActionConstraint::is_in(euids))
}
(cst::RelOp::In, OneOrMultipleRefs::Single(euid)) => {
Some(ActionConstraint::is_in([euid]))
}
(cst::RelOp::Eq, OneOrMultipleRefs::Single(euid)) => {
Some(ActionConstraint::is_eq(euid))
}
(cst::RelOp::Eq, OneOrMultipleRefs::Multiple(_)) => {
errs.push(rel_expr.to_ast_err(ToASTErrorKind::InvalidScopeEqualityRHS));
None
}
(cst::RelOp::InvalidSingleEq, _) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidSingleEq));
None
}
(op, _) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidConstraintOperator(*op)));
None
}
}
} else {
Some(ActionConstraint::Any)
}?;
match action_constraint_contains_only_action_types(action_constraint, &self.loc) {
Ok(a) => Some(a),
Err(mut id_errs) => {
errs.append(&mut id_errs);
None
}
}
}
}
fn action_constraint_contains_only_action_types(
a: ActionConstraint,
loc: &Loc,
) -> Result<ActionConstraint, ParseErrors> {
match a {
ActionConstraint::Any => Ok(a),
ActionConstraint::In(ref euids) => {
let non_actions = euids
.iter()
.filter(|euid| !euid_has_action_type(euid))
.collect::<Vec<_>>();
if non_actions.is_empty() {
Ok(a)
} else {
Err(non_actions
.into_iter()
.map(|euid| {
ToASTError::new(
ToASTErrorKind::InvalidActionType(euid.as_ref().clone()),
loc.clone(),
)
})
.collect())
}
}
ActionConstraint::Eq(ref euid) => {
if euid_has_action_type(euid) {
Ok(a)
} else {
Err(ParseErrors(vec![ToASTError::new(
ToASTErrorKind::InvalidActionType(euid.as_ref().clone()),
loc.clone(),
)
.into()]))
}
}
}
}
fn euid_has_action_type(euid: &EntityUID) -> bool {
if let EntityType::Specified(name) = euid.entity_type() {
name.id.as_ref() == "Action"
} else {
false
}
}
impl Node<Option<cst::Cond>> {
fn to_expr(&self, errs: &mut ParseErrors) -> Option<(ast::Expr, bool)> {
let cond = self.as_inner()?;
let maybe_is_when = cond.cond.to_cond_is_when(errs)?;
let maybe_expr = match &cond.expr {
Some(expr) => expr.to_expr(errs),
None => {
let ident = match cond.cond.as_inner() {
Some(ident) => ident.clone(),
None => {
if maybe_is_when {
cst::Ident::Ident("when".into())
} else {
cst::Ident::Ident("unless".into())
}
}
};
errs.push(self.to_ast_err(ToASTErrorKind::EmptyClause(Some(ident))));
None
}
};
maybe_expr.map(|e| {
if maybe_is_when {
(e, true)
} else {
(construct_expr_not(e, self.loc.clone()), false)
}
})
}
}
impl Node<Option<cst::Str>> {
pub(crate) fn as_valid_string(&self, errs: &mut ParseErrors) -> Option<&SmolStr> {
let id = self.as_inner()?;
match id {
cst::Str::String(s) => Some(s),
cst::Str::Invalid(s) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidString(s.to_string())));
None
}
}
}
}
pub(crate) enum ExprOrSpecial<'a> {
Expr { expr: ast::Expr, loc: Loc },
Var { var: ast::Var, loc: Loc },
Name { name: ast::Name, loc: Loc },
StrLit { lit: &'a SmolStr, loc: Loc },
}
impl ExprOrSpecial<'_> {
fn to_ast_err(&self, kind: impl Into<ToASTErrorKind>) -> ToASTError {
ToASTError::new(
kind.into(),
match self {
ExprOrSpecial::Expr { loc, .. } => loc.clone(),
ExprOrSpecial::Var { loc, .. } => loc.clone(),
ExprOrSpecial::Name { loc, .. } => loc.clone(),
ExprOrSpecial::StrLit { loc, .. } => loc.clone(),
},
)
}
fn into_expr(self, errs: &mut ParseErrors) -> Option<ast::Expr> {
match self {
Self::Expr { expr, .. } => Some(expr),
Self::Var { var, loc } => Some(construct_expr_var(var, loc)),
Self::Name { name, loc } => {
errs.push(ToASTError::new(
ToASTErrorKind::ArbitraryVariable(name.to_string().into()),
loc,
));
None
}
Self::StrLit { lit, loc } => match to_unescaped_string(lit) {
Ok(s) => Some(construct_expr_string(s, loc)),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| ToASTError::new(ToASTErrorKind::Unescape(e), loc.clone())),
);
None
}
},
}
}
pub(crate) fn into_valid_attr(self, errs: &mut ParseErrors) -> Option<SmolStr> {
match self {
Self::Var { var, .. } => Some(construct_string_from_var(var)),
Self::Name { name, loc } => name.into_valid_attr(errs, loc),
Self::StrLit { lit, loc } => match to_unescaped_string(lit) {
Ok(s) => Some(s),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| ToASTError::new(ToASTErrorKind::Unescape(e), loc.clone())),
);
None
}
},
Self::Expr { expr, loc } => {
errs.push(ToASTError::new(
ToASTErrorKind::InvalidAttribute(expr.to_string().into()),
loc,
));
None
}
}
}
fn into_pattern(self, errs: &mut ParseErrors) -> Option<Vec<PatternElem>> {
match &self {
Self::StrLit { lit, .. } => match to_pattern(lit) {
Ok(pat) => Some(pat),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
},
Self::Var { var, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidPattern(var.to_string())));
None
}
Self::Name { name, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidPattern(name.to_string())));
None
}
Self::Expr { expr, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidPattern(expr.to_string())));
None
}
}
}
fn into_string_literal(self, errs: &mut ParseErrors) -> Option<SmolStr> {
match &self {
Self::StrLit { lit, .. } => match to_unescaped_string(lit) {
Ok(s) => Some(s),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
},
Self::Var { var, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidString(var.to_string())));
None
}
Self::Name { name, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidString(name.to_string())));
None
}
Self::Expr { expr, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidString(expr.to_string())));
None
}
}
}
fn into_name(self, errs: &mut ParseErrors) -> Option<ast::Name> {
match self {
Self::StrLit { lit, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::IsInvalidName(lit.to_string())));
None
}
Self::Var { var, .. } => Some(ast::Name::unqualified_name(var.into())),
Self::Name { name, .. } => Some(name),
Self::Expr { ref expr, .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::IsInvalidName(expr.to_string())));
None
}
}
}
}
impl Node<Option<cst::Expr>> {
fn to_ref(&self, var: ast::Var, errs: &mut ParseErrors) -> Option<EntityUID> {
self.to_ref_or_refs::<SingleEntity>(errs, var).map(|x| x.0)
}
fn to_ref_or_slot(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<EntityReference> {
self.to_ref_or_refs::<EntityReference>(errs, var)
}
fn to_refs(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<OneOrMultipleRefs> {
self.to_ref_or_refs::<OneOrMultipleRefs>(errs, var)
}
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let expr = self.as_inner()?;
match &*expr.expr {
cst::ExprData::Or(o) => o.to_ref_or_refs::<T>(errs, var),
cst::ExprData::If(_, _, _) => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"an `if` expression",
None::<String>,
)));
None
}
}
}
pub fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
pub(crate) fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let expr = self.as_inner()?;
match &*expr.expr {
cst::ExprData::Or(or) => or.to_expr_or_special(errs),
cst::ExprData::If(i, t, e) => {
let maybe_guard = i.to_expr(errs);
let maybe_then = t.to_expr(errs);
let maybe_else = e.to_expr(errs);
match (maybe_guard, maybe_then, maybe_else) {
(Some(i), Some(t), Some(e)) => Some(ExprOrSpecial::Expr {
expr: construct_expr_if(i, t, e, self.loc.clone()),
loc: self.loc.clone(),
}),
_ => None,
}
}
}
}
}
trait RefKind: Sized {
fn err_str() -> &'static str;
fn create_single_ref(e: EntityUID, errs: &mut ParseErrors, loc: &Loc) -> Option<Self>;
fn create_multiple_refs(es: Vec<EntityUID>, errs: &mut ParseErrors, loc: &Loc) -> Option<Self>;
fn create_slot(errs: &mut ParseErrors, loc: &Loc) -> Option<Self>;
}
struct SingleEntity(pub EntityUID);
impl RefKind for SingleEntity {
fn err_str() -> &'static str {
"an entity uid"
}
fn create_single_ref(e: EntityUID, _errs: &mut ParseErrors, _loc: &Loc) -> Option<Self> {
Some(SingleEntity(e))
}
fn create_multiple_refs(
_es: Vec<EntityUID>,
errs: &mut ParseErrors,
loc: &Loc,
) -> Option<Self> {
errs.push(ToASTError::new(
RefCreationError::one_expected(Ref::Single, Ref::Set).into(),
loc.clone(),
));
None
}
fn create_slot(errs: &mut ParseErrors, loc: &Loc) -> Option<Self> {
errs.push(ToASTError::new(
RefCreationError::one_expected(Ref::Single, Ref::Template).into(),
loc.clone(),
));
None
}
}
impl RefKind for EntityReference {
fn err_str() -> &'static str {
"an entity uid or matching template slot"
}
fn create_slot(_: &mut ParseErrors, _loc: &Loc) -> Option<Self> {
Some(EntityReference::Slot)
}
fn create_single_ref(e: EntityUID, _errs: &mut ParseErrors, _loc: &Loc) -> Option<Self> {
Some(EntityReference::euid(e))
}
fn create_multiple_refs(
_es: Vec<EntityUID>,
errs: &mut ParseErrors,
loc: &Loc,
) -> Option<Self> {
errs.push(ToASTError::new(
RefCreationError::two_expected(Ref::Single, Ref::Template, Ref::Set).into(),
loc.clone(),
));
None
}
}
#[derive(Debug)]
enum OneOrMultipleRefs {
Single(EntityUID),
Multiple(Vec<EntityUID>),
}
impl RefKind for OneOrMultipleRefs {
fn err_str() -> &'static str {
"an entity uid or set of entity uids"
}
fn create_slot(errs: &mut ParseErrors, loc: &Loc) -> Option<Self> {
errs.push(ToASTError::new(
RefCreationError::two_expected(Ref::Single, Ref::Set, Ref::Template).into(),
loc.clone(),
));
None
}
fn create_single_ref(e: EntityUID, _errs: &mut ParseErrors, _loc: &Loc) -> Option<Self> {
Some(OneOrMultipleRefs::Single(e))
}
fn create_multiple_refs(
es: Vec<EntityUID>,
_errs: &mut ParseErrors,
_loc: &Loc,
) -> Option<Self> {
Some(OneOrMultipleRefs::Multiple(es))
}
}
impl Node<Option<cst::Or>> {
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let or = self.as_inner()?;
let maybe_first = or.initial.to_expr_or_special(errs);
let mut more = or.extended.iter().filter_map(|i| i.to_expr(errs));
let maybe_second = more.next();
let rest: Vec<_> = more.collect();
match (maybe_first, maybe_second, rest.len(), or.extended.len()) {
(f, None, _, 0) => f,
(Some(f), Some(s), r, e) if 1 + r == e => {
f.into_expr(errs).map(|e| ExprOrSpecial::Expr {
expr: construct_expr_or(e, s, rest, &self.loc),
loc: self.loc.clone(),
})
}
_ => None,
}
}
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let or = self.as_inner()?;
match or.extended.len() {
0 => or.initial.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a `||` expression",
None::<String>,
)));
None
}
}
}
}
impl Node<Option<cst::And>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let and = self.as_inner()?;
match and.extended.len() {
0 => and.initial.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a `&&` expression",
None::<String>,
)));
None
}
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let and = self.as_inner()?;
let maybe_first = and.initial.to_expr_or_special(errs);
let mut more = and.extended.iter().filter_map(|i| i.to_expr(errs));
let maybe_second = more.next();
let rest: Vec<_> = more.collect();
match (maybe_first, maybe_second, rest.len(), and.extended.len()) {
(f, None, _, 0) => f,
(Some(f), Some(s), r, e) if 1 + r == e => {
f.into_expr(errs).map(|e| ExprOrSpecial::Expr {
expr: construct_expr_and(e, s, rest, &self.loc),
loc: self.loc.clone(),
})
}
_ => None,
}
}
}
impl Node<Option<cst::Relation>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let rel = self.as_inner()?;
match rel {
cst::Relation::Common { initial, extended } => match extended.len() {
0 => initial.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a binary operator",
None::<String>,
)));
None
}
},
cst::Relation::Has { .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a `has` expression",
None::<String>,
)));
None
}
cst::Relation::Like { .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a `like` expression",
None::<String>,
)));
None
}
cst::Relation::IsIn { .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"an `is` expression",
None::<String>,
)));
None
}
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let rel = self.as_inner()?;
match rel {
cst::Relation::Common { initial, extended } => {
let maybe_first = initial.to_expr_or_special(errs);
let mut more = extended
.iter()
.filter_map(|(op, i)| i.to_expr(errs).map(|e| (op, e)));
let maybe_second = more.next();
let _rest: Vec<_> = more.collect();
match (maybe_first, maybe_second, extended.len()) {
(_, _, len) if len > 1 => {
errs.push(self.to_ast_err(ToASTErrorKind::AmbiguousOperators));
None
}
(_, None, 1) => None,
(f, None, 0) => f,
(Some(f), Some((op, s)), _) => f.into_expr(errs).map(|e| {
Some(ExprOrSpecial::Expr {
expr: construct_expr_rel(e, *op, s, self.loc.clone(), errs)?,
loc: self.loc.clone(),
})
})?,
_ => None,
}
}
cst::Relation::Has { target, field } => {
match (
target.to_expr(errs),
field.to_expr_or_special(errs)?.into_valid_attr(errs),
) {
(Some(t), Some(s)) => Some(ExprOrSpecial::Expr {
expr: construct_expr_has(t, s, self.loc.clone()),
loc: self.loc.clone(),
}),
_ => None,
}
}
cst::Relation::Like { target, pattern } => {
match (
target.to_expr(errs),
pattern.to_expr_or_special(errs)?.into_pattern(errs),
) {
(Some(t), Some(s)) => Some(ExprOrSpecial::Expr {
expr: construct_expr_like(t, s, self.loc.clone()),
loc: self.loc.clone(),
}),
_ => None,
}
}
cst::Relation::IsIn {
target,
entity_type,
in_entity,
} => match (
target.to_expr(errs),
entity_type.to_expr_or_special(errs)?.into_name(errs),
) {
(Some(t), Some(n)) => match in_entity {
Some(in_entity) => in_entity.to_expr(errs).map(|in_entity| {
Some(ExprOrSpecial::Expr {
expr: construct_expr_and(
construct_expr_is(t.clone(), n, self.loc.clone()),
construct_expr_rel(
t,
cst::RelOp::In,
in_entity,
self.loc.clone(),
errs,
)?,
std::iter::empty(),
&self.loc,
),
loc: self.loc.clone(),
})
})?,
None => Some(ExprOrSpecial::Expr {
expr: construct_expr_is(t, n, self.loc.clone()),
loc: self.loc.clone(),
}),
},
_ => None,
},
}
}
}
impl Node<Option<cst::Add>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let add = self.as_inner()?;
match add.extended.len() {
0 => add.initial.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(T::err_str(), "a `+/-` expression", Some("entity types and namespaces cannot use `+` or `-` characters -- perhaps try `_` or `::` instead?"))));
None
}
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
pub(crate) fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let add = self.as_inner()?;
let maybe_first = add.initial.to_expr_or_special(errs);
let more: Vec<(cst::AddOp, _)> = add
.extended
.iter()
.filter_map(|&(op, ref i)| i.to_expr(errs).map(|e| (op, e)))
.collect();
if !more.is_empty() {
Some(ExprOrSpecial::Expr {
expr: construct_expr_add(maybe_first?.into_expr(errs)?, more, &self.loc),
loc: self.loc.clone(),
})
} else {
maybe_first
}
}
}
impl Node<Option<cst::Mult>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let mult = self.as_inner()?;
match mult.extended.len() {
0 => mult.initial.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"a `*` expression",
None::<String>,
)));
None
}
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let mult = self.as_inner()?;
let maybe_first = mult.initial.to_expr_or_special(errs);
let more: Vec<(cst::MultOp, _)> = mult
.extended
.iter()
.filter_map(|&(op, ref i)| i.to_expr(errs).map(|e| (op, e)))
.collect();
if !more.is_empty() {
let first = maybe_first?.into_expr(errs)?;
for (op, _) in &more {
match op {
cst::MultOp::Times => {}
cst::MultOp::Divide => {
errs.push(self.to_ast_err(ToASTErrorKind::UnsupportedDivision));
return None;
}
cst::MultOp::Mod => {
errs.push(self.to_ast_err(ToASTErrorKind::UnsupportedModulo));
return None;
}
}
}
let (constantints, nonconstantints): (Vec<ast::Expr>, Vec<ast::Expr>) =
std::iter::once(first)
.chain(more.into_iter().map(|(_, e)| e))
.partition(|e| {
matches!(e.expr_kind(), ast::ExprKind::Lit(ast::Literal::Long(_)))
});
let constantints = constantints
.into_iter()
.map(|e| match e.expr_kind() {
ast::ExprKind::Lit(ast::Literal::Long(i)) => *i,
#[allow(clippy::unreachable)]
_ => unreachable!(
"checked it matched ast::ExprKind::Lit(ast::Literal::Long(_)) above"
),
})
.collect::<Vec<Integer>>();
if nonconstantints.len() > 1 {
errs.push(self.to_ast_err(ToASTErrorKind::NonConstantMultiplication));
None
} else if nonconstantints.is_empty() {
#[allow(clippy::indexing_slicing)]
Some(ExprOrSpecial::Expr {
expr: construct_expr_mul(
construct_expr_num(constantints[0], self.loc.clone()),
constantints[1..].iter().copied(),
&self.loc,
),
loc: self.loc.clone(),
})
} else {
#[allow(clippy::expect_used)]
let nonconstantint: ast::Expr = nonconstantints
.into_iter()
.next()
.expect("already checked that it's not empty");
Some(ExprOrSpecial::Expr {
expr: construct_expr_mul(nonconstantint, constantints, &self.loc),
loc: self.loc.clone(),
})
}
} else {
maybe_first
}
}
}
impl Node<Option<cst::Unary>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let unary = self.as_inner()?;
match &unary.op {
Some(op) => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
format!("a `{op}` expression"),
None::<String>,
)));
None
}
None => unary.item.to_ref_or_refs::<T>(errs, var),
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let unary = self.as_inner()?;
let mut maybe_item = || unary.item.to_expr_or_special(errs);
match unary.op {
None => maybe_item(),
Some(cst::NegOp::Bang(0)) => maybe_item(),
Some(cst::NegOp::Dash(0)) => maybe_item(),
Some(cst::NegOp::Bang(n)) => {
let item = maybe_item().and_then(|i| i.into_expr(errs));
if n % 2 == 0 {
item.map(|i| ExprOrSpecial::Expr {
expr: construct_expr_not(
construct_expr_not(i, self.loc.clone()),
self.loc.clone(),
),
loc: self.loc.clone(),
})
} else {
item.map(|i| ExprOrSpecial::Expr {
expr: construct_expr_not(i, self.loc.clone()),
loc: self.loc.clone(),
})
}
}
Some(cst::NegOp::Dash(c)) => {
let (last, rc) = if let Some(cst::Literal::Num(n)) = unary.item.to_lit() {
match n.cmp(&(i64::MAX as u64 + 1)) {
Ordering::Equal => (
Some(construct_expr_num(i64::MIN, unary.item.loc.clone())),
c - 1,
),
Ordering::Less => (
Some(construct_expr_num(-(*n as i64), unary.item.loc.clone())),
c - 1,
),
Ordering::Greater => {
errs.push(self.to_ast_err(ToASTErrorKind::IntegerLiteralTooLarge(*n)));
(None, 0)
}
}
} else {
(maybe_item().and_then(|i| i.into_expr(errs)), c)
};
(0..rc)
.fold(last, |r, _| {
r.map(|e| (construct_expr_neg(e, self.loc.clone())))
})
.map(|expr| ExprOrSpecial::Expr {
expr,
loc: self.loc.clone(),
})
}
Some(cst::NegOp::OverBang) => {
errs.push(self.to_ast_err(ToASTErrorKind::UnaryOpLimit(ast::UnaryOp::Not)));
None
}
Some(cst::NegOp::OverDash) => {
errs.push(self.to_ast_err(ToASTErrorKind::UnaryOpLimit(ast::UnaryOp::Neg)));
None
}
}
}
}
enum AstAccessor {
Field(ast::Id),
Call(Vec<ast::Expr>),
Index(SmolStr),
}
impl Node<Option<cst::Member>> {
pub fn to_lit(&self) -> Option<&cst::Literal> {
let m = self.as_ref().node.as_ref()?;
if !m.access.is_empty() {
return None;
}
match m.item.as_ref().node.as_ref()? {
cst::Primary::Literal(lit) => lit.as_ref().node.as_ref(),
_ => None,
}
}
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let mem = self.as_inner()?;
match mem.access.len() {
0 => mem.item.to_ref_or_refs::<T>(errs, var),
_n => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(T::err_str(), "a `.` expression", Some("entity types and namespaces cannot use `.` characters -- perhaps try `_` or `::` instead?"))));
None
}
}
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let mem = self.as_inner()?;
let maybe_prim = mem.item.to_expr_or_special(errs);
let mut accessors: Vec<_> = mem.access.iter().map(|a| a.to_access(errs)).collect();
let mut head = maybe_prim;
let mut tail = &mut accessors[..];
loop {
use AstAccessor::*;
use ExprOrSpecial::*;
match (&mut head, tail) {
(_, []) => break head,
(_, [None, Some(Call(_)), rest @ ..]) => {
head = None;
tail = rest;
}
(_, [None, rest @ ..]) => {
head = None;
tail = rest;
}
(Some(Name { name, .. }), [Some(Call(a)), rest @ ..]) => {
let args = std::mem::take(a);
let nn = mem::replace(
name,
ast::Name::unqualified_name(ast::Id::new_unchecked("")),
);
head = nn.into_func(args, errs, self.loc.clone()).map(|expr| Expr {
expr,
loc: self.loc.clone(),
});
tail = rest;
}
(Some(Var { var, .. }), [Some(Call(_)), rest @ ..]) => {
errs.push(self.to_ast_err(ToASTErrorKind::VariableCall(*var)));
head = None;
tail = rest;
}
(_, [Some(Call(_)), rest @ ..]) => {
errs.push(self.to_ast_err(ToASTErrorKind::ExpressionCall));
head = None;
tail = rest;
}
(None, [Some(Field(_)), Some(Call(_)), rest @ ..]) => {
tail = rest;
}
(Some(Name { name, .. }), [Some(Field(f)), Some(Call(_)), rest @ ..]) => {
errs.push(self.to_ast_err(ToASTErrorKind::NoMethods(name.clone(), f.clone())));
head = None;
tail = rest;
}
(Some(Var { var, loc: var_loc }), [Some(Field(i)), Some(Call(a)), rest @ ..]) => {
let var = mem::replace(var, ast::Var::Principal);
let args = std::mem::take(a);
let id = mem::replace(i, ast::Id::new_unchecked(""));
head = id
.to_meth(
construct_expr_var(var, var_loc.clone()),
args,
errs,
&self.loc,
)
.map(|expr| Expr {
expr,
loc: self.loc.clone(),
});
tail = rest;
}
(Some(Expr { expr, .. }), [Some(Field(i)), Some(Call(a)), rest @ ..]) => {
let args = std::mem::take(a);
let expr = mem::replace(expr, ast::Expr::val(false));
let id = mem::replace(i, ast::Id::new_unchecked(""));
head = id.to_meth(expr, args, errs, &self.loc).map(|expr| Expr {
expr,
loc: self.loc.clone(),
});
tail = rest;
}
(
Some(StrLit { lit, loc: lit_loc }),
[Some(Field(i)), Some(Call(a)), rest @ ..],
) => {
let args = std::mem::take(a);
let id = mem::replace(i, ast::Id::new_unchecked(""));
let maybe_expr = match to_unescaped_string(lit) {
Ok(s) => Some(construct_expr_string(s, lit_loc.clone())),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
};
head = maybe_expr.and_then(|e| {
id.to_meth(e, args, errs, &self.loc).map(|expr| Expr {
expr,
loc: self.loc.clone(),
})
});
tail = rest;
}
(None, [Some(Field(_)) | Some(Index(_)), rest @ ..]) => {
tail = rest;
}
(Some(Name { name, .. }), [Some(Field(f)), rest @ ..]) => {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidAccess(
name.clone(),
f.to_string().into(),
)));
head = None;
tail = rest;
}
(Some(Name { name, .. }), [Some(Index(i)), rest @ ..]) => {
errs.push(
self.to_ast_err(ToASTErrorKind::InvalidIndex(name.clone(), i.clone())),
);
head = None;
tail = rest;
}
(Some(Var { var, loc: var_loc }), [Some(Field(i)), rest @ ..]) => {
let var = mem::replace(var, ast::Var::Principal);
let id = mem::replace(i, ast::Id::new_unchecked(""));
head = Some(Expr {
expr: construct_expr_attr(
construct_expr_var(var, var_loc.clone()),
id.into_smolstr(),
self.loc.clone(),
),
loc: self.loc.clone(),
});
tail = rest;
}
(Some(Expr { expr, .. }), [Some(Field(i)), rest @ ..]) => {
let expr = mem::replace(expr, ast::Expr::val(false));
let id = mem::replace(i, ast::Id::new_unchecked(""));
head = Some(Expr {
expr: construct_expr_attr(expr, id.into_smolstr(), self.loc.clone()),
loc: self.loc.clone(),
});
tail = rest;
}
(Some(StrLit { lit, loc: lit_loc }), [Some(Field(i)), rest @ ..]) => {
let id = mem::replace(i, ast::Id::new_unchecked(""));
let maybe_expr = match to_unescaped_string(lit) {
Ok(s) => Some(construct_expr_string(s, lit_loc.clone())),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
};
head = maybe_expr.map(|e| Expr {
expr: construct_expr_attr(e, id.into_smolstr(), self.loc.clone()),
loc: self.loc.clone(),
});
tail = rest;
}
(Some(Var { var, loc: var_loc }), [Some(Index(i)), rest @ ..]) => {
let var = mem::replace(var, ast::Var::Principal);
let s = mem::take(i);
head = Some(Expr {
expr: construct_expr_attr(
construct_expr_var(var, var_loc.clone()),
s,
self.loc.clone(),
),
loc: self.loc.clone(),
});
tail = rest;
}
(Some(Expr { expr, .. }), [Some(Index(i)), rest @ ..]) => {
let expr = mem::replace(expr, ast::Expr::val(false));
let s = mem::take(i);
head = Some(Expr {
expr: construct_expr_attr(expr, s, self.loc.clone()),
loc: self.loc.clone(),
});
tail = rest;
}
(Some(StrLit { lit, loc: lit_loc }), [Some(Index(i)), rest @ ..]) => {
let id = mem::take(i);
let maybe_expr = match to_unescaped_string(lit) {
Ok(s) => Some(construct_expr_string(s, lit_loc.clone())),
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
};
head = maybe_expr.map(|e| Expr {
expr: construct_expr_attr(e, id, self.loc.clone()),
loc: self.loc.clone(),
});
tail = rest;
}
}
}
}
}
impl Node<Option<cst::MemAccess>> {
fn to_access(&self, errs: &mut ParseErrors) -> Option<AstAccessor> {
let acc = self.as_inner()?;
match acc {
cst::MemAccess::Field(i) => {
let ident = i.to_valid_ident(errs);
ident.map(AstAccessor::Field)
}
cst::MemAccess::Call(args) => {
let conv_args: Vec<_> = args.iter().filter_map(|e| e.to_expr(errs)).collect();
if conv_args.len() == args.len() {
Some(AstAccessor::Call(conv_args))
} else {
None
}
}
cst::MemAccess::Index(index) => {
let s = index.to_expr_or_special(errs)?.into_string_literal(errs);
s.map(AstAccessor::Index)
}
}
}
}
impl Node<Option<cst::Primary>> {
fn to_ref_or_refs<T: RefKind>(&self, errs: &mut ParseErrors, var: ast::Var) -> Option<T> {
let prim = self.as_inner()?;
match prim {
cst::Primary::Slot(s) => {
let slot_ref = T::create_slot(errs, &self.loc)?;
let slot = s.as_inner()?;
if slot.matches(var) {
Some(slot_ref)
} else {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
format!("{slot} instead of ?{var}"),
None::<String>,
)));
None
}
}
cst::Primary::Literal(lit) => {
let found = match lit.as_inner() {
Some(lit) => format!("literal `{lit}`"),
None => "empty node".to_string(),
};
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
found,
None::<String>,
)));
None
}
cst::Primary::Ref(x) => T::create_single_ref(x.to_ref(errs)?, errs, &self.loc),
cst::Primary::Name(name) => {
let found = match name.as_inner() {
Some(name) => format!("name `{name}`"),
None => "name".to_string(),
};
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
found,
None::<String>,
)));
None
}
cst::Primary::Expr(x) => x.to_ref_or_refs::<T>(errs, var),
cst::Primary::EList(lst) => {
let v: Option<Vec<EntityUID>> =
lst.iter().map(|expr| expr.to_ref(var, errs)).collect();
T::create_multiple_refs(v?, errs, &self.loc)
}
cst::Primary::RInits(_) => {
errs.push(self.to_ast_err(ToASTErrorKind::wrong_node(
T::err_str(),
"record initializer",
None::<String>,
)));
None
}
}
}
pub(crate) fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_expr_or_special(errs)?.into_expr(errs)
}
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let prim = self.as_inner()?;
match prim {
cst::Primary::Literal(lit) => lit.to_expr_or_special(errs),
cst::Primary::Ref(r) => r.to_expr(errs).map(|expr| ExprOrSpecial::Expr {
expr,
loc: r.loc.clone(),
}),
cst::Primary::Slot(s) => s.clone().into_expr(errs).map(|expr| ExprOrSpecial::Expr {
expr,
loc: s.loc.clone(),
}),
#[allow(clippy::manual_map)]
cst::Primary::Name(n) => {
if let Some(var) = n.to_var(&mut ParseErrors::new()) {
Some(ExprOrSpecial::Var {
var,
loc: self.loc.clone(),
})
} else if let Some(name) = n.to_name(errs) {
Some(ExprOrSpecial::Name {
name,
loc: self.loc.clone(),
})
} else {
None
}
}
cst::Primary::Expr(e) => e.to_expr(errs).map(|expr| ExprOrSpecial::Expr {
expr,
loc: e.loc.clone(),
}),
cst::Primary::EList(es) => {
let list: Vec<_> = es.iter().filter_map(|e| e.to_expr(errs)).collect();
if list.len() == es.len() {
Some(ExprOrSpecial::Expr {
expr: construct_expr_set(list, self.loc.clone()),
loc: self.loc.clone(),
})
} else {
None
}
}
cst::Primary::RInits(is) => {
let rec: Vec<_> = is.iter().filter_map(|i| i.to_init(errs)).collect();
if rec.len() == is.len() {
match construct_expr_record(rec, self.loc.clone()) {
Ok(expr) => Some(ExprOrSpecial::Expr {
expr,
loc: self.loc.clone(),
}),
Err(e) => {
errs.push(e);
None
}
}
} else {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidAttributesInRecordLiteral));
None
}
}
}
}
pub fn to_string_literal(&self, errs: &mut ParseErrors) -> Option<SmolStr> {
let prim = self.as_inner()?;
match prim {
cst::Primary::Literal(lit) => lit.to_expr_or_special(errs)?.into_string_literal(errs),
_ => None,
}
}
}
impl Node<Option<cst::Slot>> {
fn into_expr(self, errs: &mut ParseErrors) -> Option<ast::Expr> {
match self.as_inner()?.try_into() {
Ok(slot_id) => Some(
ast::ExprBuilder::new()
.with_source_loc(self.loc)
.slot(slot_id),
),
Err(e) => {
errs.push(self.to_ast_err(e));
None
}
}
}
}
impl TryFrom<&cst::Slot> for ast::SlotId {
type Error = ToASTErrorKind;
fn try_from(slot: &cst::Slot) -> Result<Self, Self::Error> {
match slot {
cst::Slot::Principal => Ok(ast::SlotId::principal()),
cst::Slot::Resource => Ok(ast::SlotId::resource()),
cst::Slot::Other(slot) => Err(ToASTErrorKind::InvalidSlot(slot.clone())),
}
}
}
impl From<ast::SlotId> for cst::Slot {
fn from(slot: ast::SlotId) -> cst::Slot {
match slot {
ast::SlotId(ast::ValidSlotId::Principal) => cst::Slot::Principal,
ast::SlotId(ast::ValidSlotId::Resource) => cst::Slot::Resource,
}
}
}
impl Node<Option<cst::Name>> {
fn to_type_constraint(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
match self.as_inner() {
Some(_) => {
errs.push(self.to_ast_err(ToASTErrorKind::TypeConstraints));
None
}
None => Some(construct_expr_bool(true, self.loc.clone())),
}
}
pub(crate) fn to_name(&self, errs: &mut ParseErrors) -> Option<ast::Name> {
let name = self.as_inner()?;
let path: Vec<_> = name
.path
.iter()
.filter_map(|i| i.to_valid_ident(errs))
.collect();
let maybe_name = name.name.to_valid_ident(errs);
match (maybe_name, path.len()) {
(Some(r), len) if len == name.path.len() => Some(construct_name(path, r)),
_ => None,
}
}
fn to_ident(&self, errs: &mut ParseErrors) -> Option<&cst::Ident> {
let name = self.as_inner()?;
for id in &name.path {
id.to_valid_ident(errs);
}
if !name.path.is_empty() {
errs.push(self.to_ast_err(ToASTErrorKind::InvalidPath));
return None;
}
name.name.as_inner()
}
fn to_var(&self, errs: &mut ParseErrors) -> Option<ast::Var> {
let name = self.to_ident(errs)?;
match name {
cst::Ident::Principal => Some(ast::Var::Principal),
cst::Ident::Action => Some(ast::Var::Action),
cst::Ident::Resource => Some(ast::Var::Resource),
cst::Ident::Context => Some(ast::Var::Context),
n => {
errs.push(self.to_ast_err(ToASTErrorKind::ArbitraryVariable(n.to_string().into())));
None
}
}
}
}
impl ast::Name {
fn into_valid_attr(self, errs: &mut ParseErrors, loc: Loc) -> Option<SmolStr> {
if !self.path.is_empty() {
errs.push(ToASTError::new(
ToASTErrorKind::PathAsAttribute(self.to_string()),
loc,
));
None
} else {
Some(self.id.into_smolstr())
}
}
fn into_func(
self,
args: Vec<ast::Expr>,
errs: &mut ParseErrors,
loc: Loc,
) -> Option<ast::Expr> {
if self.path.is_empty() {
let id = self.id.as_ref();
if EXTENSION_STYLES.methods.contains(id)
|| matches!(id, "contains" | "containsAll" | "containsAny")
{
errs.push(ToASTError::new(
ToASTErrorKind::FunctionCallOnMethod(self.id),
loc,
));
return None;
}
}
if EXTENSION_STYLES.functions.contains(&self) {
Some(construct_ext_func(self, args, loc))
} else {
errs.push(ToASTError::new(ToASTErrorKind::NotAFunction(self), loc));
None
}
}
}
impl Node<Option<cst::Ref>> {
pub fn to_ref(&self, errs: &mut ParseErrors) -> Option<ast::EntityUID> {
let refr = self.as_inner()?;
match refr {
cst::Ref::Uid { path, eid } => {
let maybe_path = path.to_name(errs);
let maybe_eid = match eid
.as_valid_string(errs)
.map(|s| to_unescaped_string(s))
.transpose()
{
Ok(opt) => opt,
Err(escape_errs) => {
errs.extend(
escape_errs
.into_iter()
.map(|e| self.to_ast_err(ToASTErrorKind::Unescape(e))),
);
None
}
};
match (maybe_path, maybe_eid) {
(Some(p), Some(e)) => Some(construct_refr(p, e)),
_ => None,
}
}
cst::Ref::Ref { .. } => {
errs.push(self.to_ast_err(ToASTErrorKind::UnsupportedEntityLiterals));
None
}
}
}
fn to_expr(&self, errs: &mut ParseErrors) -> Option<ast::Expr> {
self.to_ref(errs)
.map(|euid| construct_expr_ref(euid, self.loc.clone()))
}
}
impl Node<Option<cst::Literal>> {
fn to_expr_or_special(&self, errs: &mut ParseErrors) -> Option<ExprOrSpecial<'_>> {
let lit = self.as_inner()?;
match lit {
cst::Literal::True => Some(ExprOrSpecial::Expr {
expr: construct_expr_bool(true, self.loc.clone()),
loc: self.loc.clone(),
}),
cst::Literal::False => Some(ExprOrSpecial::Expr {
expr: construct_expr_bool(false, self.loc.clone()),
loc: self.loc.clone(),
}),
cst::Literal::Num(n) => match Integer::try_from(*n) {
Ok(i) => Some(ExprOrSpecial::Expr {
expr: construct_expr_num(i, self.loc.clone()),
loc: self.loc.clone(),
}),
Err(_) => {
errs.push(self.to_ast_err(ToASTErrorKind::IntegerLiteralTooLarge(*n)));
None
}
},
cst::Literal::Str(s) => {
let maybe_str = s.as_valid_string(errs);
maybe_str.map(|lit| ExprOrSpecial::StrLit {
lit,
loc: self.loc.clone(),
})
}
}
}
}
impl Node<Option<cst::RecInit>> {
fn to_init(&self, errs: &mut ParseErrors) -> Option<(SmolStr, ast::Expr)> {
let lit = self.as_inner()?;
let maybe_attr = lit.0.to_expr_or_special(errs)?.into_valid_attr(errs);
let maybe_value = lit.1.to_expr(errs);
match (maybe_attr, maybe_value) {
(Some(s), Some(v)) => Some((s, v)),
_ => None,
}
}
}
#[allow(clippy::too_many_arguments)]
fn construct_template_policy(
id: ast::PolicyID,
annotations: ast::Annotations,
effect: ast::Effect,
principal: ast::PrincipalConstraint,
action: ast::ActionConstraint,
resource: ast::ResourceConstraint,
conds: Vec<ast::Expr>,
loc: &Loc,
) -> ast::Template {
let construct_template = |non_head_constraint| {
ast::Template::new(
id,
annotations,
effect,
principal,
action,
resource,
non_head_constraint,
)
};
let mut conds_iter = conds.into_iter();
if let Some(first_expr) = conds_iter.next() {
construct_template(match conds_iter.next() {
Some(e) => construct_expr_and(first_expr, e, conds_iter, loc),
None => first_expr,
})
} else {
construct_template(construct_expr_bool(true, loc.clone()))
}
}
fn construct_string_from_var(v: ast::Var) -> SmolStr {
match v {
ast::Var::Principal => "principal".into(),
ast::Var::Action => "action".into(),
ast::Var::Resource => "resource".into(),
ast::Var::Context => "context".into(),
}
}
fn construct_name(path: Vec<ast::Id>, id: ast::Id) -> ast::Name {
ast::Name {
id,
path: Arc::new(path),
}
}
fn construct_refr(p: ast::Name, n: SmolStr) -> ast::EntityUID {
let eid = ast::Eid::new(n);
ast::EntityUID::from_components(p, eid)
}
fn construct_expr_ref(r: ast::EntityUID, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).val(r)
}
fn construct_expr_num(n: Integer, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).val(n)
}
fn construct_expr_string(s: SmolStr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).val(s)
}
fn construct_expr_bool(b: bool, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).val(b)
}
fn construct_expr_neg(e: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).neg(e)
}
fn construct_expr_not(e: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).not(e)
}
fn construct_expr_var(v: ast::Var, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).var(v)
}
fn construct_expr_if(i: ast::Expr, t: ast::Expr, e: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).ite(i, t, e)
}
fn construct_expr_or(
f: ast::Expr,
s: ast::Expr,
chained: impl IntoIterator<Item = ast::Expr>,
loc: &Loc,
) -> ast::Expr {
let first = ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.or(f, s);
chained.into_iter().fold(first, |a, n| {
ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.or(a, n)
})
}
fn construct_expr_and(
f: ast::Expr,
s: ast::Expr,
chained: impl IntoIterator<Item = ast::Expr>,
loc: &Loc,
) -> ast::Expr {
let first = ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.and(f, s);
chained.into_iter().fold(first, |a, n| {
ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.and(a, n)
})
}
fn construct_expr_rel(
f: ast::Expr,
rel: cst::RelOp,
s: ast::Expr,
loc: Loc,
errs: &mut ParseErrors,
) -> Option<ast::Expr> {
let builder = ast::ExprBuilder::new().with_source_loc(loc.clone());
match rel {
cst::RelOp::Less => Some(builder.less(f, s)),
cst::RelOp::LessEq => Some(builder.lesseq(f, s)),
cst::RelOp::GreaterEq => Some(builder.greatereq(f, s)),
cst::RelOp::Greater => Some(builder.greater(f, s)),
cst::RelOp::NotEq => Some(builder.noteq(f, s)),
cst::RelOp::Eq => Some(builder.is_eq(f, s)),
cst::RelOp::In => Some(builder.is_in(f, s)),
cst::RelOp::InvalidSingleEq => {
errs.push(ToASTError::new(ToASTErrorKind::InvalidSingleEq, loc));
None
}
}
}
fn construct_expr_add(
f: ast::Expr,
chained: impl IntoIterator<Item = (cst::AddOp, ast::Expr)>,
loc: &Loc,
) -> ast::Expr {
let mut expr = f;
for (op, next_expr) in chained {
let builder = ast::ExprBuilder::new().with_source_loc(loc.clone());
expr = match op {
cst::AddOp::Plus => builder.add(expr, next_expr),
cst::AddOp::Minus => builder.sub(expr, next_expr),
};
}
expr
}
fn construct_expr_mul(
f: ast::Expr,
chained: impl IntoIterator<Item = Integer>,
loc: &Loc,
) -> ast::Expr {
let mut expr = f;
for next_expr in chained {
expr = ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.mul(expr, next_expr as Integer)
}
expr
}
fn construct_expr_has(t: ast::Expr, s: SmolStr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).has_attr(t, s)
}
fn construct_expr_attr(e: ast::Expr, s: SmolStr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).get_attr(e, s)
}
fn construct_expr_like(e: ast::Expr, s: Vec<PatternElem>, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).like(e, s)
}
fn construct_expr_is(e: ast::Expr, n: ast::Name, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new()
.with_source_loc(loc)
.is_entity_type(e, n)
}
fn construct_ext_func(name: ast::Name, args: Vec<ast::Expr>, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new()
.with_source_loc(loc)
.call_extension_fn(name, args)
}
fn construct_method_contains(e0: ast::Expr, e1: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new()
.with_source_loc(loc)
.contains(e0, e1)
}
fn construct_method_contains_all(e0: ast::Expr, e1: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new()
.with_source_loc(loc)
.contains_all(e0, e1)
}
fn construct_method_contains_any(e0: ast::Expr, e1: ast::Expr, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new()
.with_source_loc(loc)
.contains_any(e0, e1)
}
fn construct_ext_meth(n: String, args: Vec<ast::Expr>, loc: Loc) -> ast::Expr {
let id = ast::Id::new_unchecked(n);
let name = ast::Name::unqualified_name(id);
ast::ExprBuilder::new()
.with_source_loc(loc)
.call_extension_fn(name, args)
}
fn construct_expr_set(s: Vec<ast::Expr>, loc: Loc) -> ast::Expr {
ast::ExprBuilder::new().with_source_loc(loc).set(s)
}
fn construct_expr_record(
kvs: Vec<(SmolStr, ast::Expr)>,
loc: Loc,
) -> Result<ast::Expr, ToASTError> {
ast::ExprBuilder::new()
.with_source_loc(loc.clone())
.record(kvs)
.map_err(|e| match e {
ExprConstructionError::DuplicateKeyInRecordLiteral { key } => {
ToASTError::new(ToASTErrorKind::DuplicateKeyInRecordLiteral { key }, loc)
}
})
}
#[allow(clippy::panic)]
#[allow(clippy::indexing_slicing)]
#[cfg(test)]
mod tests {
use super::*;
use crate::{
ast::Expr,
parser::{err::ParseErrors, test_utils::*, *},
test_utils::*,
};
use cool_asserts::assert_matches;
use std::str::FromStr;
#[test]
fn show_expr1() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
if 7 then 6 > 5 else !5 || "thursday" && ((8) >= "fish")
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
assert!(errs.is_empty());
println!("{:?}", expr);
}
#[test]
fn show_expr2() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
[2,3,4].foo["hello"]
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
println!("{:?}", expr);
}
#[test]
fn show_expr3() {
let mut errs = ParseErrors::new();
let expr = text_to_cst::parse_expr(
r#"
"first".some_ident
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "some_ident");
}
_ => panic!("should be a get expr"),
}
let expr = text_to_cst::parse_expr(
r#"
1.some_ident
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "some_ident");
}
_ => panic!("should be a get expr"),
}
let expr = text_to_cst::parse_expr(
r#"
"first"["some string"]
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "some string");
}
_ => panic!("should be a get expr"),
}
}
#[test]
fn show_expr4() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
{"one":1,"two":2} has one
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::HasAttr { attr, .. } => {
assert_eq!(attr, "one");
}
_ => panic!("should be a has expr"),
}
}
#[test]
fn show_expr5() {
let mut errs = ParseErrors::new();
let expr = text_to_cst::parse_expr(
r#"
{"one":1,"two":2}.one
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "one");
}
_ => panic!("should be a get expr"),
}
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
{"one":1,"two":2}["one"]
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "one");
}
_ => panic!("should be a get expr"),
}
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
{"this is a valid map key+.-_%()":1,"two":2}["this is a valid map key+.-_%()"]
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "this is a valid map key+.-_%()");
}
_ => panic!("should be a get expr"),
}
}
#[test]
fn show_expr6_idents() {
let mut errs = ParseErrors::new();
let expr = text_to_cst::parse_expr(
r#"
{if true then a else b:"b"} ||
{if false then a else b:"b"}
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(expr.is_none());
assert!(errs.len() == 6);
errs.clear();
let expr = text_to_cst::parse_expr(
r#"
{principal:"principal"}
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
println!("{:?}", expr);
match expr.expr_kind() {
ast::ExprKind::Record { .. } => {}
_ => panic!("should be record"),
}
errs.clear();
let expr = text_to_cst::parse_expr(
r#"
{"principal":"principal"}
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
println!("{:?}", expr);
match expr.expr_kind() {
ast::ExprKind::Record { .. } => {}
_ => panic!("should be record"),
}
}
#[test]
fn reserved_idents1() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_expr(
r#"
The::true::path::to::"enlightenment".false
"#,
)
.expect("failed parse");
let convert = parse.to_expr(&mut errs);
println!("{:?}", errs);
assert!(errs.len() == 2);
assert!(convert.is_none());
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_expr(
r#"
if {if: true}.if then {"if":false}["if"] else {when:true}.permit
"#,
)
.expect("failed parse");
let convert = parse.to_expr(&mut errs);
println!("{:?}", errs);
assert!(errs.len() == 3);
assert!(convert.is_none());
}
#[test]
fn reserved_idents2() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_expr(
r#"
if {where: true}.like || {has:false}.in then {"like":false}["in"] else {then:true}.else
"#,
)
.expect("failed parse");
let convert = parse.to_expr(&mut errs);
println!("{:?}", errs);
assert!(errs.len() == 7);
assert!(convert.is_none());
}
#[test]
fn show_policy1() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(principal:p,action:a,resource:r)when{w}unless{u}advice{"doit"};
"#,
)
.expect("failed parse");
println!("{:#}", parse.as_inner().expect("internal parse error"));
let convert = parse.to_policy(ast::PolicyID::from_string("id"), &mut errs);
println!("{:?}", errs);
assert!(errs.len() == 6);
assert!(convert.is_none());
println!("{:?}", convert);
}
#[test]
fn show_policy2() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(principal,action,resource)when{true};
"#,
)
.expect("failed parse");
println!("{}", parse.as_inner().expect("internal parse error"));
println!("{:?}", parse.as_inner().expect("internal parse error"));
let convert = parse.to_policy(ast::PolicyID::from_string("id"), &mut errs);
assert!(convert.is_some());
println!("{:?}", convert);
}
#[test]
fn show_policy3() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(principal in User::"jane",action,resource);
"#,
)
.expect("failed parse");
println!("{}", parse.as_inner().expect("internal parse error"));
println!("{:?}", parse.as_inner().expect("internal parse error"));
let convert = parse
.to_policy(ast::PolicyID::from_string("id"), &mut errs)
.expect("failed convert");
assert!(errs.is_empty());
println!("{:?}", convert);
}
#[test]
fn show_policy4() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
forbid(principal in User::"jane",action,resource)unless{
context.group != "friends"
};
"#,
)
.expect("failed parse");
let convert = parse
.to_policy(ast::PolicyID::from_string("id"), &mut errs)
.expect("failed convert");
assert!(errs.is_empty());
println!("\n{:?}", convert);
}
#[test]
fn policy_annotations() {
let mut errs = ParseErrors::new();
let policy = text_to_cst::parse_policy(
r#"
@anno("good annotation")permit(principal,action,resource);
"#,
)
.expect("should parse")
.to_policy(ast::PolicyID::from_string("id"), &mut errs)
.expect("should be valid");
assert_matches!(
policy.annotation(&ast::AnyId::new_unchecked("anno")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "good annotation")
);
let mut errs = ParseErrors::new();
let policy = text_to_cst::parse_policy(
r#"
@anno("good annotation")
@anno2("good annotation")
@anno("oops, duplicate")
permit(principal,action,resource);
"#,
)
.expect("should parse")
.to_policy(ast::PolicyID::from_string("id"), &mut errs);
assert!(policy.is_none());
assert!(errs.len() == 1);
let mut errs = ParseErrors::new();
let policyset = text_to_cst::parse_policies(
r#"
@anno1("first")
permit(principal,action,resource);
@anno2("second")
permit(principal,action,resource);
@anno3a("third-a")
@anno3b("third-b")
permit(principal,action,resource);
"#,
)
.expect("should parse")
.to_policyset(&mut errs)
.expect("should be valid");
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy0"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno0")),
None
);
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy0"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno1")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "first")
);
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy1"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno2")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "second")
);
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy2"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno3a")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "third-a")
);
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy2"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno3b")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "third-b")
);
assert_matches!(
policyset
.get(&ast::PolicyID::from_string("policy2"))
.expect("should be a policy")
.annotation(&ast::AnyId::new_unchecked("anno3c")),
None
);
assert_eq!(
policyset
.get(&ast::PolicyID::from_string("policy2"))
.expect("should be a policy")
.annotations()
.count(),
2
);
assert_matches!(
text_to_cst::parse_policy(
r#"
@hi mom("this should be invalid")
permit(principal, action, resource);
"#,
),
Err(_)
);
assert_matches!(
text_to_cst::parse_policy(
r#"
@hi+mom("this should be invalid")
permit(principal, action, resource);
"#,
),
Err(_)
);
let mut errs = ParseErrors::new();
let policyset = text_to_cst::parse_policies(
r#"
@if("this is the annotation for `if`")
@then("this is the annotation for `then`")
@else("this is the annotation for `else`")
@true("this is the annotation for `true`")
@false("this is the annotation for `false`")
@in("this is the annotation for `in`")
@is("this is the annotation for `is`")
@like("this is the annotation for `like`")
@has("this is the annotation for `has`")
@principal("this is the annotation for `principal`") // not reserved at time of this writing, but we test it anyway
permit(principal, action, resource);
"#,
).expect("should parse")
.to_policyset(&mut errs)
.expect("should be valid");
let policy0 = policyset
.get(&ast::PolicyID::from_string("policy0"))
.expect("should be the right policy ID");
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("if")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `if`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("then")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `then`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("else")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `else`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("true")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `true`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("false")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `false`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("in")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `in`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("is")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `is`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("like")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `like`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("has")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `has`")
);
assert_matches!(
policy0.annotation(&ast::AnyId::new_unchecked("principal")),
Some(ast::Annotation { val, .. }) => assert_eq!(val.as_ref(), "this is the annotation for `principal`")
);
}
#[test]
fn fail_head1() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(
principal in [User::"jane",Group::"friends"],
action,
resource
);
"#,
)
.expect("failed parse");
println!("\n{:#}", parse.as_inner().expect("internal parse error"));
let convert = parse.to_policy(ast::PolicyID::from_string("id"), &mut errs);
println!("{:?}", errs);
assert!(errs.len() == 1);
assert!(convert.is_none());
}
#[test]
fn fail_head2() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(
principal in User::"jane",
action == if true then Photo::"view" else Photo::"edit",
resource
);
"#,
)
.expect("failed parse");
println!("{:#}", parse.as_inner().expect("internal parse error"));
let convert = parse.to_policy(ast::PolicyID::from_string("id"), &mut errs);
println!("{:?}", errs);
assert!(errs.len() == 1);
assert!(convert.is_none());
}
#[test]
fn fail_head3() {
let mut errs = ParseErrors::new();
let parse = text_to_cst::parse_policy(
r#"
permit(principal,action,resource,context);
"#,
)
.expect("failed parse");
let convert = parse.to_policy(ast::PolicyID::from_string("id"), &mut errs);
assert!(errs.len() == 1);
assert!(convert.is_none());
}
#[test]
fn method_call2() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
principal.contains(resource)
"#,
)
.expect("parse error")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_some());
assert!(errs.is_empty());
let e = text_to_cst::parse_expr(
r#"
contains(principal,resource)
"#,
)
.expect("parse error")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
assert!(errs.len() == 1);
}
#[test]
fn construct_record1() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
{one:"one"}
"#,
)
.expect("parse error")
.to_expr(&mut errs)
.expect("convert fail");
if let ast::ExprKind::Record { .. } = e.expr_kind() {
} else {
panic!("not a record")
}
println!("{e}");
let e = text_to_cst::parse_expr(
r#"
{"one":"one"}
"#,
)
.expect("parse error")
.to_expr(&mut errs)
.expect("convert fail");
if let ast::ExprKind::Record { .. } = e.expr_kind() {
} else {
panic!("not a record")
}
println!("{e}");
let e = text_to_cst::parse_expr(
r#"
{"one":"one",two:"two"}
"#,
)
.expect("parse error")
.to_expr(&mut errs)
.expect("convert fail");
if let ast::ExprKind::Record { .. } = e.expr_kind() {
} else {
panic!("not a record")
}
println!("{e}");
let e = text_to_cst::parse_expr(
r#"
{one:"one","two":"two"}
"#,
)
.expect("parse error")
.to_expr(&mut errs)
.expect("convert fail");
if let ast::ExprKind::Record { .. } = e.expr_kind() {
} else {
panic!("not a record")
}
println!("{e}");
let e = text_to_cst::parse_expr(
r#"
{one:"b\"","b\"":2}
"#,
)
.expect("parse error")
.to_expr(&mut errs)
.expect("convert fail");
if let ast::ExprKind::Record { .. } = e.expr_kind() {
} else {
panic!("not a record")
}
println!("{e}");
}
#[test]
fn construct_invalid_get() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
{"one":1, "two":"two"}[0]
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
assert!(errs.len() == 1);
let e = text_to_cst::parse_expr(
r#"
{"one":1, "two":"two"}[-1]
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
let e = text_to_cst::parse_expr(
r#"
{"one":1, "two":"two"}[true]
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
let e = text_to_cst::parse_expr(
r#"
{"one":1, "two":"two"}[one]
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
}
#[test]
fn construct_has() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
{"one":1,"two":2} has "arbitrary+ _string"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::HasAttr { attr, .. } => {
assert_eq!(attr, "arbitrary+ _string");
}
_ => panic!("should be a has expr"),
}
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
{"one":1,"two":2} has 1
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
assert!(errs.len() == 1);
}
#[test]
fn construct_like() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
"354 hams" like "*5*"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(pattern.to_string(), "*5*");
}
_ => panic!("should be a like expr"),
}
let e = text_to_cst::parse_expr(
r#"
"354 hams" like 354
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
assert!(errs.len() == 1);
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
"string\\with\\backslashes" like "string\\with\\backslashes"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(pattern.to_string(), r"string\\with\\backslashes");
}
_ => panic!("should be a like expr"),
}
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
"string\\with\\backslashes" like "string\*with\*backslashes"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(pattern.to_string(), r"string\*with\*backslashes");
}
_ => panic!("should be a like expr"),
}
let e = text_to_cst::parse_expr(
r#"
"string\*with\*escaped\*stars" like "string\*with\*escaped\*stars"
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
println!("{:?}", errs);
assert!(e.is_none());
assert!(errs.len() == 3); let expr: ast::Expr = text_to_cst::parse_expr(
r#"
"string*with*stars" like "string\*with\*stars"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(pattern.to_string(), "string\\*with\\*stars");
}
_ => panic!("should be a like expr"),
}
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
"string\\*with\\*backslashes\\*and\\*stars" like "string\\\*with\\\*backslashes\\\*and\\\*stars"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(
pattern.to_string(),
r"string\\\*with\\\*backslashes\\\*and\\\*stars"
);
}
_ => panic!("should be a like expr"),
}
let test_pattern = &vec![
PatternElem::Char('h'),
PatternElem::Char('e'),
PatternElem::Char('l'),
PatternElem::Char('l'),
PatternElem::Char('o'),
PatternElem::Char('\\'),
PatternElem::Char('0'),
PatternElem::Char('*'),
PatternElem::Char('\\'),
PatternElem::Char('*'),
];
let e1 = ast::Expr::like(ast::Expr::val("hello"), test_pattern.clone());
let s1 = format!("{e1}");
assert_eq!(s1, r#""hello" like "hello\\0\*\\\*""#);
let e2 = text_to_cst::parse_expr(&s1)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match e2.expr_kind() {
ast::ExprKind::Like { pattern, .. } => {
assert_eq!(pattern.get_elems(), test_pattern);
}
_ => panic!("should be a like expr"),
}
let s2 = format!("{e2}");
assert_eq!(s1, s2);
}
#[test]
fn issue_wf_5046() {
let policy = parse_policy(
Some("WF-5046".into()),
r#"permit(
principal,
action in [Action::"action"],
resource in G::""
) when {
true && ("" like "/gisterNatives\\*D")
};"#,
);
assert!(policy.is_ok());
}
#[test]
fn entity_access() {
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
User::"jane" has age
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::HasAttr { attr, .. } => {
assert_eq!(attr, "age");
}
_ => panic!("should be a has expr"),
}
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
User::"jane" has "arbitrary+ _string"
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::HasAttr { attr, .. } => {
assert_eq!(attr, "arbitrary+ _string");
}
_ => panic!("should be a has expr"),
}
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
User::"jane" has 1
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
assert!(e.is_none());
assert!(errs.len() == 1);
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
User::"jane".age
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "age");
}
_ => panic!("should be a get expr"),
}
let mut errs = ParseErrors::new();
let expr: ast::Expr = text_to_cst::parse_expr(
r#"
User::"jane"["arbitrary+ _string"]
"#,
)
.expect("failed parser")
.to_expr(&mut errs)
.expect("failed convert");
match expr.expr_kind() {
ast::ExprKind::GetAttr { attr, .. } => {
assert_eq!(attr, "arbitrary+ _string");
}
_ => panic!("should be a get expr"),
}
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
User::"jane"[age]
"#,
)
.expect("failed parser")
.to_expr(&mut errs);
assert!(e.is_none());
assert!(errs.len() == 1);
}
#[test]
fn relational_ops1() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(
r#"
3 >= 2 >= 1
"#,
)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_none());
let e = text_to_cst::parse_expr(
r#"
3 >= ("dad" in "dad")
"#,
)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(
r#"
(3 >= 2) == true
"#,
)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(
r#"
if 4 < 3 then 4 != 3 else 4 == 3 < 4
"#,
)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_none());
}
#[test]
fn arithmetic() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(r#" 2 + 4 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 2 + -5 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 2 - 5 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 2 * 5 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 2 * -5 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" context.size * 4 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 4 * context.size "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" context.size * context.scale "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_none());
let e = text_to_cst::parse_expr(r#" 5 + 10 + 90 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 5 + 10 - 90 * -2 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 5 + 10 * 90 - 2 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 5 - 10 - 90 - 2 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" 5 * context.size * 10 "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_expr(r#" context.size * 3 * context.scale "#)
.expect("parse error")
.to_expr(&mut errs);
assert!(e.is_none());
}
const CORRECT_TEMPLATES: [&str; 7] = [
r#"permit(principal == ?principal, action == Action::"action", resource == ?resource);"#,
r#"permit(principal in ?principal, action == Action::"action", resource in ?resource);"#,
r#"permit(principal in ?principal, action == Action::"action", resource in ?resource);"#,
r#"permit(principal in p::"principal", action == Action::"action", resource in ?resource);"#,
r#"permit(principal == p::"principal", action == Action::"action", resource in ?resource);"#,
r#"permit(principal in ?principal, action == Action::"action", resource in r::"resource");"#,
r#"permit(principal in ?principal, action == Action::"action", resource == r::"resource");"#,
];
#[test]
fn template_tests() {
for src in CORRECT_TEMPLATES {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_policy(src)
.expect("parse_error")
.to_policy_template(ast::PolicyID::from_string("i0"), &mut errs);
if e.is_none() {
panic!("Failed to create a policy template: {:?}", errs);
}
}
}
#[test]
fn var_type() {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_policy(
r#"
permit(principal,action,resource);
"#,
)
.expect("parse error")
.to_policy(ast::PolicyID::from_string("0"), &mut errs);
assert!(e.is_some());
let e = text_to_cst::parse_policy(
r#"
permit(principal:User,action,resource);
"#,
)
.expect("parse error")
.to_policy(ast::PolicyID::from_string("1"), &mut errs);
assert!(e.is_none());
}
#[test]
fn string_escapes() {
let test_valid = |s: &str| {
let r = parse_literal(&format!("\"{}\"", s.escape_default()));
assert!(r.is_ok());
assert_eq!(r.unwrap(), ast::Literal::String(s.into()));
};
test_valid("\t");
test_valid("\0");
test_valid("👍");
test_valid("🐈");
test_valid("\u{1F408}");
test_valid("abc\tde\\fg");
test_valid("aaa\u{1F408}bcd👍👍👍");
let test_invalid = |s: &str, en: usize| {
let r = parse_literal(&format!("\"{}\"", s));
assert!(r.is_err());
assert!(r.unwrap_err().len() == en);
};
test_invalid("\\a", 1);
test_invalid("\\b", 1);
test_invalid("\\\\aa\\p", 1);
test_invalid(r"\aaa\u{}", 2);
}
#[test]
fn unescape_err_positions() {
let assert_invalid_escape = |p_src| {
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("the input `\\q` is not a valid escape: InvalidEscape"));
});
};
assert_invalid_escape(r#"@foo("\q")permit(principal, action, resource);"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { "\q" };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { "\q".contains(0) };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { "\q".bar };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { "\q"["a"] };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { "" like "\q" };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { {}["\q"] };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { {"\q": 0} };"#);
assert_invalid_escape(r#"permit(principal, action, resource) when { User::"\q" };"#);
}
#[track_caller] fn expect_action_error(test: &str, euid_strs: Vec<&str>) {
let euids = euid_strs
.iter()
.map(|euid_str| {
EntityUID::from_str(euid_str).expect("Test was provided with invalid euid")
})
.collect::<Vec<_>>();
assert_matches!(parse_policyset(test), Err(es) => {
assert_eq!(es.len(), euids.len(),
"should have produced exactly {} parse errors, produced {}:\n{:?}",
euids.len(),
es.len(),
miette::Report::new(es)
);
for euid in euids {
expect_some_error_matches(
test,
&es,
&ExpectedErrorMessage::error_and_help(
&format!("expected an entity uid with the type `Action` but got `{euid}`"),
"action entities must have type `Action`, optionally in a namespace",
),
);
}
});
}
#[test]
fn action_checker() {
let euid = EntityUID::from_str("Action::\"view\"").unwrap();
assert!(euid_has_action_type(&euid));
let euid = EntityUID::from_str("Foo::Action::\"view\"").unwrap();
assert!(euid_has_action_type(&euid));
let euid = EntityUID::from_str("Foo::\"view\"").unwrap();
assert!(!euid_has_action_type(&euid));
let euid = EntityUID::from_str("Action::Foo::\"view\"").unwrap();
assert!(!euid_has_action_type(&euid));
}
#[test]
fn action_must_be_action() {
parse_policyset(r#"permit(principal, action == Action::"view", resource);"#)
.expect("Valid policy failed to parse");
parse_policyset(r#"permit(principal, action == Foo::Action::"view", resource);"#)
.expect("Valid policy failed to parse");
parse_policyset(r#"permit(principal, action in Action::"view", resource);"#)
.expect("Valid policy failed to parse");
parse_policyset(r#"permit(principal, action in Foo::Action::"view", resource);"#)
.expect("Valid policy failed to parse");
parse_policyset(r#"permit(principal, action in [Foo::Action::"view"], resource);"#)
.expect("Valid policy failed to parse");
parse_policyset(
r#"permit(principal, action in [Foo::Action::"view", Action::"view"], resource);"#,
)
.expect("Valid policy failed to parse");
expect_action_error(
r#"permit(principal, action == Foo::"view", resource);"#,
vec!["Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action == Action::Foo::"view", resource);"#,
vec!["Action::Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action == Bar::Action::Foo::"view", resource);"#,
vec!["Bar::Action::Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action in Bar::Action::Foo::"view", resource);"#,
vec!["Bar::Action::Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action in [Bar::Action::Foo::"view"], resource);"#,
vec!["Bar::Action::Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action in [Bar::Action::Foo::"view", Action::"check"], resource);"#,
vec!["Bar::Action::Foo::\"view\""],
);
expect_action_error(
r#"permit(principal, action in [Bar::Action::Foo::"view", Foo::"delete", Action::"check"], resource);"#,
vec!["Bar::Action::Foo::\"view\"", "Foo::\"delete\""],
);
}
#[test]
fn method_style() {
let src = r#"permit(principal, action, resource)
when { contains(true) < 1 };"#;
assert_matches!(parse_policyset(src), Err(e) => {
expect_some_error_matches(src, &e, &ExpectedErrorMessage::error_and_help(
"`contains` is a method, not a function",
"use a method-style call: `e.contains(..)`",
));
});
}
#[test]
fn test_mul() {
for (es, expr) in [
("--2*3", Expr::mul(Expr::neg(Expr::val(-2)), 3)),
(
"1 * 2 * false",
Expr::mul(Expr::mul(Expr::val(false), 1), 2),
),
(
"0 * 1 * principal",
Expr::mul(Expr::mul(Expr::var(ast::Var::Principal), 0), 1),
),
(
"0 * (-1) * principal",
Expr::mul(Expr::mul(Expr::var(ast::Var::Principal), 0), -1),
),
] {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(es)
.expect("should construct a CST")
.to_expr(&mut errs)
.expect("should convert to AST");
assert!(
e.eq_shape(&expr),
"{:?} and {:?} should have the same shape.",
e,
expr
);
}
for es in [
r#"false * "bob""#,
"principal * (1 + 2)",
"principal * -(-1)",
"principal * --1",
] {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(es)
.expect("should construct a CST")
.to_expr(&mut errs);
assert!(e.is_none());
expect_some_error_matches(
es,
&errs,
&ExpectedErrorMessage::error("multiplication must be by an integer literal"),
);
}
}
#[test]
fn test_not() {
for (es, expr) in [
(
"!1 + 2 == 3",
Expr::is_eq(
Expr::add(Expr::not(Expr::val(1)), Expr::val(2)),
Expr::val(3),
),
),
(
"!!1 + 2 == 3",
Expr::is_eq(
Expr::add(Expr::not(Expr::not(Expr::val(1))), Expr::val(2)),
Expr::val(3),
),
),
(
"!!!1 + 2 == 3",
Expr::is_eq(
Expr::add(Expr::not(Expr::val(1)), Expr::val(2)),
Expr::val(3),
),
),
(
"!!!!1 + 2 == 3",
Expr::is_eq(
Expr::add(Expr::not(Expr::not(Expr::val(1))), Expr::val(2)),
Expr::val(3),
),
),
(
"!!(-1) + 2 == 3",
Expr::is_eq(
Expr::add(Expr::not(Expr::not(Expr::val(-1))), Expr::val(2)),
Expr::val(3),
),
),
] {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(es)
.expect("should construct a CST")
.to_expr(&mut errs)
.expect("should convert to AST");
assert!(
e.eq_shape(&expr),
"{:?} and {:?} should have the same shape.",
e,
expr
);
}
}
#[test]
fn test_neg() {
for (es, expr) in [
("-(1 + 2)", Expr::neg(Expr::add(Expr::val(1), Expr::val(2)))),
("1-(2)", Expr::sub(Expr::val(1), Expr::val(2))),
("1-2", Expr::sub(Expr::val(1), Expr::val(2))),
("(-1)", Expr::val(-1)),
("-(-1)", Expr::neg(Expr::val(-1))),
("--1", Expr::neg(Expr::val(-1))),
("--(--1)", Expr::neg(Expr::neg(Expr::neg(Expr::val(-1))))),
("2--1", Expr::sub(Expr::val(2), Expr::val(-1))),
("-9223372036854775808", Expr::val(-(9223372036854775808))),
(
"--9223372036854775808",
Expr::neg(Expr::val(-9223372036854775808)),
),
(
"-(9223372036854775807)",
Expr::neg(Expr::val(9223372036854775807)),
),
] {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(es)
.expect("should construct a CST")
.to_expr(&mut errs)
.expect("should convert to AST");
assert!(
e.eq_shape(&expr),
"{:?} and {:?} should have the same shape.",
e,
expr
);
}
for (es, em) in [
(
"-9223372036854775809",
ExpectedErrorMessage::error_and_help(
"integer literal `9223372036854775809` is too large",
"maximum allowed integer literal is `9223372036854775807`",
),
),
(
"-(9223372036854775808)",
ExpectedErrorMessage::error_and_help(
"integer literal `9223372036854775808` is too large",
"maximum allowed integer literal is `9223372036854775807`",
),
),
] {
let mut errs = ParseErrors::new();
let e = text_to_cst::parse_expr(es)
.expect("should construct a CST")
.to_expr(&mut errs);
assert_matches!(e, None);
expect_err(es, &errs, &em);
}
}
#[test]
fn test_is_condition_ok() {
for (es, expr) in [
(
r#"User::"alice" is User"#,
Expr::is_entity_type(
Expr::val(r#"User::"alice""#.parse::<EntityUID>().unwrap()),
"User".parse().unwrap(),
),
),
(
r#"principal is User"#,
Expr::is_entity_type(Expr::var(ast::Var::Principal), "User".parse().unwrap()),
),
(
r#"principal.foo is User"#,
Expr::is_entity_type(
Expr::get_attr(Expr::var(ast::Var::Principal), "foo".into()),
"User".parse().unwrap(),
),
),
(
r#"1 is User"#,
Expr::is_entity_type(Expr::val(1), "User".parse().unwrap()),
),
(
r#"principal is User in Group::"friends""#,
Expr::and(
Expr::is_entity_type(Expr::var(ast::Var::Principal), "User".parse().unwrap()),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::val(r#"Group::"friends""#.parse::<EntityUID>().unwrap()),
),
),
),
(
r#"principal is User && principal in Group::"friends""#,
Expr::and(
Expr::is_entity_type(Expr::var(ast::Var::Principal), "User".parse().unwrap()),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::val(r#"Group::"friends""#.parse::<EntityUID>().unwrap()),
),
),
),
(
r#"principal is User || principal in Group::"friends""#,
Expr::or(
Expr::is_entity_type(Expr::var(ast::Var::Principal), "User".parse().unwrap()),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::val(r#"Group::"friends""#.parse::<EntityUID>().unwrap()),
),
),
),
(
r#"true && principal is User in principal"#,
Expr::and(
Expr::val(true),
Expr::and(
Expr::is_entity_type(
Expr::var(ast::Var::Principal),
"User".parse().unwrap(),
),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::var(ast::Var::Principal),
),
),
),
),
(
r#"principal is User in principal && true"#,
Expr::and(
Expr::and(
Expr::is_entity_type(
Expr::var(ast::Var::Principal),
"User".parse().unwrap(),
),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::var(ast::Var::Principal),
),
),
Expr::val(true),
),
),
(
r#"principal is A::B::C::User"#,
Expr::is_entity_type(
Expr::var(ast::Var::Principal),
"A::B::C::User".parse().unwrap(),
),
),
(
r#"principal is A::B::C::User in Group::"friends""#,
Expr::and(
Expr::is_entity_type(
Expr::var(ast::Var::Principal),
"A::B::C::User".parse().unwrap(),
),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::val(r#"Group::"friends""#.parse::<EntityUID>().unwrap()),
),
),
),
(
r#"if principal is User then 1 else 2"#,
Expr::ite(
Expr::is_entity_type(Expr::var(ast::Var::Principal), "User".parse().unwrap()),
Expr::val(1),
Expr::val(2),
),
),
(
r#"if principal is User in Group::"friends" then 1 else 2"#,
Expr::ite(
Expr::and(
Expr::is_entity_type(
Expr::var(ast::Var::Principal),
"User".parse().unwrap(),
),
Expr::is_in(
Expr::var(ast::Var::Principal),
Expr::val(r#"Group::"friends""#.parse::<EntityUID>().unwrap()),
),
),
Expr::val(1),
Expr::val(2),
),
),
(
r#"principal::"alice" is principal"#,
Expr::is_entity_type(
Expr::val(r#"principal::"alice""#.parse::<EntityUID>().unwrap()),
"principal".parse().unwrap(),
),
),
(
r#"foo::principal::"alice" is foo::principal"#,
Expr::is_entity_type(
Expr::val(r#"foo::principal::"alice""#.parse::<EntityUID>().unwrap()),
"foo::principal".parse().unwrap(),
),
),
(
r#"principal::foo::"alice" is principal::foo"#,
Expr::is_entity_type(
Expr::val(r#"principal::foo::"alice""#.parse::<EntityUID>().unwrap()),
"principal::foo".parse().unwrap(),
),
),
(
r#"resource::"thing" is resource"#,
Expr::is_entity_type(
Expr::val(r#"resource::"thing""#.parse::<EntityUID>().unwrap()),
"resource".parse().unwrap(),
),
),
(
r#"action::"do" is action"#,
Expr::is_entity_type(
Expr::val(r#"action::"do""#.parse::<EntityUID>().unwrap()),
"action".parse().unwrap(),
),
),
(
r#"context::"stuff" is context"#,
Expr::is_entity_type(
Expr::val(r#"context::"stuff""#.parse::<EntityUID>().unwrap()),
"context".parse().unwrap(),
),
),
] {
let e = parse_expr(es).unwrap();
assert!(
e.eq_shape(&expr),
"{:?} and {:?} should have the same shape.",
e,
expr
);
}
}
#[test]
fn is_scope() {
for (src, p, a, r) in [
(
r#"permit(principal is User, action, resource);"#,
PrincipalConstraint::is_entity_type("User".parse().unwrap()),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is principal, action, resource);"#,
PrincipalConstraint::is_entity_type("principal".parse().unwrap()),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is A::User, action, resource);"#,
PrincipalConstraint::is_entity_type("A::User".parse().unwrap()),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is User in Group::"thing", action, resource);"#,
PrincipalConstraint::is_entity_type_in(
"User".parse().unwrap(),
r#"Group::"thing""#.parse().unwrap(),
),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is principal in Group::"thing", action, resource);"#,
PrincipalConstraint::is_entity_type_in(
"principal".parse().unwrap(),
r#"Group::"thing""#.parse().unwrap(),
),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is A::User in Group::"thing", action, resource);"#,
PrincipalConstraint::is_entity_type_in(
"A::User".parse().unwrap(),
r#"Group::"thing""#.parse().unwrap(),
),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal is User in ?principal, action, resource);"#,
PrincipalConstraint::is_entity_type_in_slot("User".parse().unwrap()),
ActionConstraint::any(),
ResourceConstraint::any(),
),
(
r#"permit(principal, action, resource is Folder);"#,
PrincipalConstraint::any(),
ActionConstraint::any(),
ResourceConstraint::is_entity_type("Folder".parse().unwrap()),
),
(
r#"permit(principal, action, resource is Folder in Folder::"inner");"#,
PrincipalConstraint::any(),
ActionConstraint::any(),
ResourceConstraint::is_entity_type_in(
"Folder".parse().unwrap(),
r#"Folder::"inner""#.parse().unwrap(),
),
),
(
r#"permit(principal, action, resource is Folder in ?resource);"#,
PrincipalConstraint::any(),
ActionConstraint::any(),
ResourceConstraint::is_entity_type_in_slot("Folder".parse().unwrap()),
),
] {
let policy = parse_policy_template(None, src).unwrap();
assert_eq!(policy.principal_constraint(), &p);
assert_eq!(policy.action_constraint(), &a);
assert_eq!(policy.resource_constraint(), &r);
}
}
#[test]
fn is_err() {
let invalid_is_policies = [
(
r#"permit(principal in Group::"friends" is User, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found an `is` expression"),
),
(
r#"permit(principal, action, resource in Folder::"folder" is File);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found an `is` expression"),
),
(
r#"permit(principal is User == User::"Alice", action, resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the scope at the same time as `==`",
"try moving `is` into a `when` condition"
),
),
(
r#"permit(principal, action, resource is Doc == Doc::"a");"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the scope at the same time as `==`",
"try moving `is` into a `when` condition"
),
),
(
r#"permit(principal is User::"alice", action, resource);"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `User::"alice"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource is File::"f");"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `File::"f"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal is User in 1, action, resource);"#,
ExpectedErrorMessage::error(
"expected an entity uid or matching template slot, found literal `1`",
),
),
(
r#"permit(principal, action, resource is File in 1);"#,
ExpectedErrorMessage::error(
"expected an entity uid or matching template slot, found literal `1`",
),
),
(
r#"permit(principal is User in User, action, resource);"#,
ExpectedErrorMessage::error(
"expected an entity uid or matching template slot, found name `User`",
),
),
(
r#"permit(principal is User::"Alice" in Group::"f", action, resource);"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `User::"Alice"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource is File in File);"#,
ExpectedErrorMessage::error(
"expected an entity uid or matching template slot, found name `File`",
),
),
(
r#"permit(principal, action, resource is File::"file" in Folder::"folder");"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `File::"file"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal is 1, action, resource);"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `1`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource is 1);"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `1`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action is Action, resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is Action::"a", resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is Action in Action::"A", resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is Action in Action, resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is Action::"a" in Action::"b", resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is Action in ?action, resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal, action is ?action, resource);"#,
ExpectedErrorMessage::error_and_help(
"`is` cannot appear in the action scope",
"try moving `action is ..` into a `when` condition"
),
),
(
r#"permit(principal is User in ?resource, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?resource instead of ?principal"),
),
(
r#"permit(principal, action, resource is Folder in ?principal);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?principal instead of ?resource"),
),
(
r#"permit(principal is ?principal, action, resource);"#,
ExpectedErrorMessage::error_and_help(
"right hand side of an `is` expression must be an entity type name, but got `?principal`",
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource is ?resource);"#,
ExpectedErrorMessage::error_and_help(
"right hand side of an `is` expression must be an entity type name, but got `?resource`",
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource) when { principal is 1 };"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `1`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource) when { principal is User::"alice" in Group::"friends" };"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `User::"alice"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource) when { principal is ! User::"alice" in Group::"friends" };"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `!User::"alice"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource) when { principal is User::"alice" + User::"alice" in Group::"friends" };"#,
ExpectedErrorMessage::error_and_help(
r#"right hand side of an `is` expression must be an entity type name, but got `User::"alice" + User::"alice"`"#,
"try using `==` to test for equality"
),
),
(
r#"permit(principal, action, resource) when { principal is User in User::"alice" in Group::"friends" };"#,
ExpectedErrorMessage::error(
"unexpected token `in`"
),
),
(
r#"permit(principal, action, resource) when { principal is User == User::"alice" in Group::"friends" };"#,
ExpectedErrorMessage::error(
"unexpected token `==`"
),
),
];
for (p_src, expected) in invalid_is_policies {
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &expected);
});
}
}
#[test]
fn issue_255() {
let policy = r#"
permit (
principal == name-with-dashes::"Alice",
action,
resource
);
"#;
assert_matches!(
parse_policy(None, policy),
Err(e) => {
expect_some_error_matches(policy, &e, &ExpectedErrorMessage::error_and_help(
"expected an entity uid or matching template slot, found a `+/-` expression",
"entity types and namespaces cannot use `+` or `-` characters -- perhaps try `_` or `::` instead?",
));
}
);
}
#[test]
fn invalid_methods_function_calls() {
let invalid_exprs = [
(
r#"contains([], 1)"#,
ExpectedErrorMessage::error_and_help(
"`contains` is a method, not a function",
"use a method-style call: `e.contains(..)`",
),
),
(
r#"[].contains()"#,
ExpectedErrorMessage::error(
"call to `contains` requires exactly 1 argument, but got 0 arguments",
),
),
(
r#"[].contains(1, 2)"#,
ExpectedErrorMessage::error(
"call to `contains` requires exactly 1 argument, but got 2 arguments",
),
),
(
r#"[].containsAll()"#,
ExpectedErrorMessage::error(
"call to `containsAll` requires exactly 1 argument, but got 0 arguments",
),
),
(
r#"[].containsAll(1, 2)"#,
ExpectedErrorMessage::error(
"call to `containsAll` requires exactly 1 argument, but got 2 arguments",
),
),
(
r#"[].containsAny()"#,
ExpectedErrorMessage::error(
"call to `containsAny` requires exactly 1 argument, but got 0 arguments",
),
),
(
r#"[].containsAny(1, 2)"#,
ExpectedErrorMessage::error(
"call to `containsAny` requires exactly 1 argument, but got 2 arguments",
),
),
(
r#""1.1.1.1".ip()"#,
ExpectedErrorMessage::error_and_help(
"`ip` is a function, not a method",
"use a function-style call: `ip(..)`",
),
),
(
r#"greaterThan(1, 2)"#,
ExpectedErrorMessage::error_and_help(
"`greaterThan` is a method, not a function",
"use a method-style call: `e.greaterThan(..)`",
),
),
(
"[].bar()",
ExpectedErrorMessage::error("not a valid method name: `bar`"),
),
(
"bar([])",
ExpectedErrorMessage::error("`bar` is not a function"),
),
(
"principal()",
ExpectedErrorMessage::error_and_help(
"`principal(...)` is not a valid function call",
"variables cannot be called as functions",
),
),
(
"(1+1)()",
ExpectedErrorMessage::error(
"function calls must be of the form: `<name>(arg1, arg2, ...)`",
),
),
(
"foo.bar()",
ExpectedErrorMessage::error(
"attempted to call `foo.bar`, but `foo` does not have any methods",
),
),
];
for (src, expected) in invalid_exprs {
assert_matches!(parse_expr(src), Err(e) => {
expect_err(src, &e, &expected);
});
}
}
#[test]
fn invalid_slot() {
let invalid_policies = [
(
r#"permit(principal == ?resource, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?resource instead of ?principal"),
),
(
r#"permit(principal in ?resource, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?resource instead of ?principal"),
),
(
r#"permit(principal == ?foo, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?foo instead of ?principal"),
),
(
r#"permit(principal in ?foo, action, resource);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?foo instead of ?principal"),
),
(
r#"permit(principal, action, resource == ?principal);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?principal instead of ?resource"),
),
(
r#"permit(principal, action, resource in ?principal);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?principal instead of ?resource"),
),
(
r#"permit(principal, action, resource == ?baz);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?baz instead of ?resource"),
),
(
r#"permit(principal, action, resource in ?baz);"#,
ExpectedErrorMessage::error("expected an entity uid or matching template slot, found ?baz instead of ?resource"),
),
(
r#"permit(principal, action, resource) when { principal == ?foo};"#,
ExpectedErrorMessage::error_and_help(
"`?foo` is not a valid template slot",
"a template slot may only be `?principal` or `?resource`",
)
),
(
r#"permit(principal, action == ?action, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action in ?action, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action == ?principal, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action in ?principal, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action == ?resource, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action in ?resource, resource);"#,
ExpectedErrorMessage::error("expected single entity uid or set of entity uids, got: template slot"),
),
(
r#"permit(principal, action in [?bar], resource);"#,
ExpectedErrorMessage::error("expected single entity uid, got: template slot"),
),
];
for (p_src, expected) in invalid_policies {
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &expected);
});
let forbid_src = format!("forbid{}", &p_src[6..]);
assert_matches!(parse_policy_template(None, &forbid_src), Err(e) => {
expect_err(forbid_src.as_str(), &e, &expected);
});
}
}
#[test]
fn missing_scope_constraint() {
let p_src = "permit();";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("this policy is missing the `principal` variable in the scope"));
});
let p_src = "permit(principal);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("this policy is missing the `action` variable in the scope"));
});
let p_src = "permit(principal, action);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("this policy is missing the `resource` variable in the scope"));
});
}
#[test]
fn invalid_scope_constraint() {
let p_src = "permit(foo, action, resource);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"expected a variable that is valid in the policy scope; found: `foo`",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "foo");
});
let p_src = "permit(foo::principal, action, resource);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error(
"unexpected token `::`",
));
expect_source_snippet(p_src, &e, "::");
});
let p_src = "permit(resource, action, resource);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"found the variable `resource` where the variable `principal` must be used",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "resource");
});
let p_src = "permit(principal, principal, resource);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"found the variable `principal` where the variable `action` must be used",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "principal");
});
let p_src = "permit(principal, if, resource);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"expected a variable that is valid in the policy scope; found: `if`",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "if");
});
let p_src = "permit(principal, action, like);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"expected a variable that is valid in the policy scope; found: `like`",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "like");
});
let p_src = "permit(principal, action, principal);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"found the variable `principal` where the variable `resource` must be used",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "principal");
});
let p_src = "permit(principal, action, action);";
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"found the variable `action` where the variable `resource` must be used",
"policy scopes must contain a `principal`, `action`, and `resource` element in that order",
));
expect_source_snippet(p_src, &e, "action");
});
}
#[test]
fn invalid_scope_operator() {
let p_src = r#"permit(principal > User::"alice", action, resource);"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"not a valid policy scope constraint: >",
"policy scope constraints must be either `==`, `in`, `is`, or `_ is _ in _`"
));
});
let p_src = r#"permit(principal, action != Action::"view", resource);"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"not a valid policy scope constraint: !=",
"policy scope constraints must be either `==`, `in`, `is`, or `_ is _ in _`"
));
});
let p_src = r#"permit(principal, action, resource <= Folder::"things");"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"not a valid policy scope constraint: <=",
"policy scope constraints must be either `==`, `in`, `is`, or `_ is _ in _`"
));
});
let p_src = r#"permit(principal = User::"alice", action, resource);"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error_and_help(
"'=' is not a valid operator in Cedar",
"try using '==' instead",
));
});
}
#[test]
fn scope_action_eq_set() {
let p_src = r#"permit(principal, action == [Action::"view", Action::"edit"], resource);"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("the right hand side of equality in the policy scope must be a single entity uid or a template slot"));
});
}
#[test]
fn scope_action_in_set_set() {
let p_src = r#"permit(principal, action in [[Action::"view"]], resource);"#;
assert_matches!(parse_policy_template(None, p_src), Err(e) => {
expect_err(p_src, &e, &ExpectedErrorMessage::error("expected single entity uid, got: set of entity uids"));
});
}
#[test]
fn unsupported_ops() {
let src = "1/2";
assert_matches!(parse_expr(src), Err(e) => {
expect_err(src, &e, &ExpectedErrorMessage::error("division is not supported"));
});
let src = "7 % 3";
assert_matches!(parse_expr(src), Err(e) => {
expect_err(src, &e, &ExpectedErrorMessage::error("remainder/modulo is not supported"));
});
}
#[test]
fn over_unary() {
let src = "!!!!!!false";
assert_matches!(parse_expr(src), Err(e) => {
expect_err(src, &e, &ExpectedErrorMessage::error_and_help(
"too many occurrences of `!_`",
"cannot chain more the 4 applications of a unary operator"
));
});
let src = "-------0";
assert_matches!(parse_expr(src), Err(e) => {
expect_err(src, &e, &ExpectedErrorMessage::error_and_help(
"too many occurrences of `-_`",
"cannot chain more the 4 applications of a unary operator"
));
});
}
#[test]
fn arbitrary_variables() {
#[track_caller]
fn expect_arbitrary_var(name: &str) {
assert_matches!(parse_expr(name), Err(e) => {
expect_err(name, &e, &ExpectedErrorMessage::error_and_help(
"arbitrary variables are not supported; the valid Cedar variables are `principal`, `action`, `resource`, and `context`",
&format!("did you mean to enclose `{name}` in quotes to make a string?"),
));
})
}
expect_arbitrary_var("foo::principal");
expect_arbitrary_var("bar::action");
expect_arbitrary_var("baz::resource");
expect_arbitrary_var("buz::context");
expect_arbitrary_var("foo::principal");
expect_arbitrary_var("foo::bar::principal");
expect_arbitrary_var("principal::foo");
expect_arbitrary_var("principal::foo::bar");
expect_arbitrary_var("foo::principal::bar");
expect_arbitrary_var("foo");
expect_arbitrary_var("foo::bar");
expect_arbitrary_var("foo::bar::baz");
}
#[test]
fn empty_clause() {
#[track_caller]
fn expect_empty_clause(policy: &str, clause: &str) {
assert_matches!(parse_policy_template(None, policy), Err(e) => {
expect_err(policy, &e, &ExpectedErrorMessage::error(
&format!("`{clause}` condition clause cannot be empty")
));
})
}
expect_empty_clause("permit(principal, action, resource) when {};", "when");
expect_empty_clause("permit(principal, action, resource) unless {};", "unless");
expect_empty_clause(
"permit(principal, action, resource) when { principal has foo } when {};",
"when",
);
expect_empty_clause(
"permit(principal, action, resource) when { principal has foo } unless {};",
"unless",
);
expect_empty_clause(
"permit(principal, action, resource) when {} unless { resource.bar };",
"when",
);
expect_empty_clause(
"permit(principal, action, resource) unless {} unless { resource.bar };",
"unless",
);
}
#[test]
fn namespaced_attr() {
#[track_caller]
fn expect_namespaced_attr(expr: &str, name: &str) {
assert_matches!(parse_expr(expr), Err(e) => {
expect_err(expr, &e, &ExpectedErrorMessage::error(
&format!("`{name}` cannot be used as an attribute as it contains a namespace")
));
})
}
expect_namespaced_attr("principal has foo::bar", "foo::bar");
expect_namespaced_attr("principal has foo::bar::baz", "foo::bar::baz");
expect_namespaced_attr("principal has foo::principal", "foo::principal");
expect_namespaced_attr("{foo::bar: 1}", "foo::bar");
let expr = "principal has if::foo";
assert_matches!(parse_expr(expr), Err(e) => {
expect_err(expr, &e, &ExpectedErrorMessage::error(
&format!("this identifier is reserved and cannot be used: `if`")
));
})
}
#[test]
fn reserved_ident_var() {
#[track_caller]
fn expect_reserved_ident(name: &str, reserved: &str) {
assert_matches!(parse_expr(name), Err(e) => {
expect_err(name, &e, &ExpectedErrorMessage::error(
&format!("this identifier is reserved and cannot be used: `{reserved}`"),
));
})
}
expect_reserved_ident("if::principal", "if");
expect_reserved_ident("then::action", "then");
expect_reserved_ident("else::resource", "else");
expect_reserved_ident("true::context", "true");
expect_reserved_ident("false::bar::principal", "false");
expect_reserved_ident("foo::in::principal", "in");
expect_reserved_ident("foo::is::bar::principal", "is");
}
}