Loading services/helper/helper_service/services/visibility_control/core/visibility_control_core.py +18 −3 Original line number Diff line number Diff line Loading @@ -297,6 +297,7 @@ def get_discoverable_apis(api_invoker_id, all_apis): # No rules = default ALLOW (all APIs visible) return all_apis # Note: The rule can have ALLOW or DENY as default access. The point is to check the exceptions for the final decision (filtered APIs) has_allow_rules = any( rule.get('default_access', rule.get('defaultAccess', 'ALLOW')) == 'ALLOW' for rule in active_rules Loading @@ -318,6 +319,12 @@ def get_discoverable_apis(api_invoker_id, all_apis): def _invoker_allowed_by_rule(api_invoker_id, api, rules, default_allow_no_match=True): """ Note_CCG: Here we should only call the _rule_specificity (the list with the API and the winner rule). Before (out of this method) execute the logic to match rules with APIs and with the invoker. Then, we should check if the invoker is allowed or denied to discover each API based on the default access of the winner rule and the invoker exception. Note than even if a rule doesn´t explicitly mention invoker_id, it can affect the Invoker. Check if an invoker is allowed to see an API based on the rules. :param api_invoker_id: The invoker ID Loading @@ -339,6 +346,8 @@ def _invoker_allowed_by_rule(api_invoker_id, api, rules, default_allow_no_match= def _rule_matches_api(rule, api): """ Note_CCG: here we should have as result, for each API, the corresponding rules (zero, one or more) Check if a rule matches an API based on provider selector. :param rule: The visibility rule Loading Loading @@ -395,7 +404,9 @@ def _rule_matches_api(rule, api): def _rule_matches_invoker(rule, api_invoker_id): """ Check if a rule matches an invoker based on invoker selector. Note_CCG: Here we should call _rule_matches_api and filter, before choosing the winner rule, the rules that match with the Invoker. Consider that a rule can apply to an invoker even if the id is not explictly mentioned. :param rule: The visibility rule :param api_invoker_id: The invoker ID Loading @@ -419,6 +430,10 @@ def _rule_matches_invoker(rule, api_invoker_id): def _rule_specificity(rule): """ Note_CCG: to call here _rule_matches_invoker and use the result as an output to execute the specificity function. For each API, select the winner rule (the one with higher specificity). ---- Calculate rule specificity for ordering. Higher specificity = more specific selectors = higher priority. Loading Loading
services/helper/helper_service/services/visibility_control/core/visibility_control_core.py +18 −3 Original line number Diff line number Diff line Loading @@ -297,6 +297,7 @@ def get_discoverable_apis(api_invoker_id, all_apis): # No rules = default ALLOW (all APIs visible) return all_apis # Note: The rule can have ALLOW or DENY as default access. The point is to check the exceptions for the final decision (filtered APIs) has_allow_rules = any( rule.get('default_access', rule.get('defaultAccess', 'ALLOW')) == 'ALLOW' for rule in active_rules Loading @@ -318,6 +319,12 @@ def get_discoverable_apis(api_invoker_id, all_apis): def _invoker_allowed_by_rule(api_invoker_id, api, rules, default_allow_no_match=True): """ Note_CCG: Here we should only call the _rule_specificity (the list with the API and the winner rule). Before (out of this method) execute the logic to match rules with APIs and with the invoker. Then, we should check if the invoker is allowed or denied to discover each API based on the default access of the winner rule and the invoker exception. Note than even if a rule doesn´t explicitly mention invoker_id, it can affect the Invoker. Check if an invoker is allowed to see an API based on the rules. :param api_invoker_id: The invoker ID Loading @@ -339,6 +346,8 @@ def _invoker_allowed_by_rule(api_invoker_id, api, rules, default_allow_no_match= def _rule_matches_api(rule, api): """ Note_CCG: here we should have as result, for each API, the corresponding rules (zero, one or more) Check if a rule matches an API based on provider selector. :param rule: The visibility rule Loading Loading @@ -395,7 +404,9 @@ def _rule_matches_api(rule, api): def _rule_matches_invoker(rule, api_invoker_id): """ Check if a rule matches an invoker based on invoker selector. Note_CCG: Here we should call _rule_matches_api and filter, before choosing the winner rule, the rules that match with the Invoker. Consider that a rule can apply to an invoker even if the id is not explictly mentioned. :param rule: The visibility rule :param api_invoker_id: The invoker ID Loading @@ -419,6 +430,10 @@ def _rule_matches_invoker(rule, api_invoker_id): def _rule_specificity(rule): """ Note_CCG: to call here _rule_matches_invoker and use the result as an output to execute the specificity function. For each API, select the winner rule (the one with higher specificity). ---- Calculate rule specificity for ordering. Higher specificity = more specific selectors = higher priority. Loading