1199 feature add support for scoped lookup

core/database/CMakeLists.txt

@@ -17,6 +17,7 @@ if( ENABLE_FOXX_TESTS )
   add_test(NAME foxx_record COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_record")
   add_test(NAME foxx_repo COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_repo")
   add_test(NAME foxx_path COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_path")
+  add_test(NAME foxx_project COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_project")
   add_test(NAME foxx_db_fixtures COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_fixture_setup.sh")
   add_test(NAME foxx_version COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_version")
   add_test(NAME foxx_support COMMAND "${CMAKE_CURRENT_SOURCE_DIR}/tests/test_foxx.sh" -t "unit_support")
@@ -33,5 +34,6 @@ if( ENABLE_FOXX_TESTS )
   set_tests_properties(foxx_record PROPERTIES FIXTURES_REQUIRED Foxx)
   set_tests_properties(foxx_repo PROPERTIES FIXTURES_REQUIRED Foxx)
   set_tests_properties(foxx_path PROPERTIES FIXTURES_REQUIRED Foxx)
+  set_tests_properties(foxx_project PROPERTIES FIXTURES_REQUIRED Foxx)
   set_tests_properties(foxx_user_router PROPERTIES FIXTURES_REQUIRED "Foxx;FoxxDBFixtures")
 endif()

core/database/foxx/api/authz_router.js

@@ -5,8 +5,8 @@ const router = createRouter();
 const joi = require("joi");
 const g_db = require("@arangodb").db;
 const g_lib = require("./support");
-const authzModule = require("./authz");
-const { Repo, PathType } = require("./repo");
+const authzModule = require("./controllers/authz");
+const { Repo, PathType } = require("./controllers/repo");
 
 module.exports = router;
 
@@ -74,22 +74,40 @@ router
             // Determine permissions associated with path provided
             // Actions: read, write, create, delete, chdir, lookup
             if (Object.keys(authzModule.authz_strategy).includes(req.queryParams.act)) {
-                authzModule.authz_strategy[req.queryParams.act][path_type](
-                    client,
-                    req.queryParams.file,
-                );
+                if (
+                    authzModule.authz_strategy[req.queryParams.act][path_type](
+                        client,
+                        req.queryParams.file,
+                        repo,
+                    )
+                ) {
+                    console.log(
+                        "AUTHZ act: " +
+                            req.queryParams.act +
+                            " client: " +
+                            client._id +
+                            " path " +
+                            req.queryParams.file +
+                            " SUCCESS",
+                    );
+                } else {
+                    console.log(
+                        "AUTHZ act: " +
+                            req.queryParams.act +
+                            " client: " +
+                            client._id +
+                            " path " +
+                            req.queryParams.file +
+                            " DENIED",
+                    );
+                    throw [
+                        g_lib.ERR_PERM_DENIED,
+                        "Client (" + client._id + ") denied access to: " + req.queryParams.file,
+                    ];
+                }
             } else {
                 throw [g_lib.ERR_INVALID_PARAM, "Invalid gridFTP action: ", req.queryParams.act];
             }
-            console.log(
-                "AUTHZ act: " +
-                    req.queryParams.act +
-                    " client: " +
-                    client._id +
-                    " path " +
-                    req.queryParams.file +
-                    " SUCCESS",
-            );
         } catch (e) {
             g_lib.handleException(e, res);
         }