add new Array and Map types

biscuit-auth/Cargo.toml

@@ -49,6 +49,7 @@ uuid = { version = "1", optional = true }
 biscuit-parser = { version = "0.1.2", path = "../biscuit-parser" }
 biscuit-quote = { version = "0.2.2", optional = true, path = "../biscuit-quote" }
 chrono = { version = "0.4.26", optional = true, default-features = false, features = ["serde"] }
+serde_json = "1.0.117"
 
 
 [dev-dependencies]

biscuit-auth/examples/testcases.rs

@@ -154,6 +154,8 @@ fn run(target: String, root_key: Option<String>, test: bool, json: bool) {
 
  add_test_result(&mut results, closures(&target, &root, test));
 
+ add_test_result(&mut results, array_map(&target, &root, test));
+
  if json {
  let s = serde_json::to_string_pretty(&TestCases {
  root_private_key: hex::encode(root.private().to_bytes()),
@@ -1330,22 +1332,22 @@ fn expressions(target: &str, root: &KeyPair, test: bool) -> TestResult {
  check if hex:12ab === hex:12ab;
 
  // set contains
- check if [1, 2].contains(2);
- check if [2020-12-04T09:46:41+00:00, 2019-12-04T09:46:41+00:00].contains(2020-12-04T09:46:41+00:00);
- check if [true, false, true].contains(true);
- check if ["abc", "def"].contains("abc");
- check if [hex:12ab, hex:34de].contains(hex:34de);
- check if [1, 2].contains([2]);
+ check if {1, 2}.contains(2);
+ check if { 2020-12-04T09:46:41+00:00, 2019-12-04T09:46:41+00:00}.contains(2020-12-04T09:46:41+00:00);
+ check if {true, false, true}.contains(true);
+ check if {"abc", "def"}.contains("abc");
+ check if {hex:12ab, hex:34de}.contains(hex:34de);
+ check if {1, 2}.contains({2});
  // set strict equal
- check if [1, 2] === [1, 2];
+ check if {1, 2} === {1, 2};
  // set intersection
- check if [1, 2].intersection([2, 3]) === [2];
+ check if {1, 2}.intersection({2, 3}) === {2};
  // set union
- check if [1, 2].union([2, 3]) === [1, 2, 3];
+ check if {1, 2}.union({2, 3}) === {1, 2, 3};
  // chained method calls
- check if [1, 2, 3].intersection([1, 2]).contains(1);
+ check if {1, 2, 3}.intersection({1, 2}).contains(1);
  // chained method calls with unary method
- check if [1, 2, 3].intersection([1, 2]).length() === 2;
+ check if {1, 2, 3}.intersection({1, 2}).length() === 2;
  "#)
  .build_with_rng(&root, SymbolTable::default(), &mut rng)
  .unwrap();
@@ -2091,15 +2093,15 @@ fn closures(target: &str, root: &KeyPair, test: bool) -> TestResult {
  // boolean or laziness
  check if true || "x".intersection("x");
  // all
- check if [1,2,3].all($p -> $p > 0);
+ check if {1,2,3}.all($p -> $p > 0);
  // all
- check if ![1,2,3].all($p -> $p == 2);
+ check if !{1,2,3}.all($p -> $p == 2);
  // any
- check if [1,2,3].any($p -> $p > 2);
+ check if {1,2,3}.any($p -> $p > 2);
  // any
- check if ![1,2,3].any($p -> $p > 3);
+ check if !{1,2,3}.any($p -> $p > 3);
  // nested closures
- check if [1,2,3].any($p -> $p > 1 && [3,4,5].any($q -> $p == $q));
+ check if {1,2,3}.any($p -> $p > 1 && {3,4,5}.any($q -> $p == $q));
  "#
  )
  .build_with_rng(&root, SymbolTable::default(), &mut rng)
@@ -2131,6 +2133,59 @@ fn closures(target: &str, root: &KeyPair, test: bool) -> TestResult {
  }
 }
 
+fn array_map(target: &str, root: &KeyPair, test: bool) -> TestResult {
+ let mut rng: StdRng = SeedableRng::seed_from_u64(1234);
+ let title = "test array and map operations (v5 blocks)".to_string();
+ let filename = "test033_array_map".to_string();
+ let token;
+
+ let biscuit = biscuit!(
+ r#"
+ // array
+ check if [1, 2, 1].length() == 3;
+ check if ["a", "b"] != [1, 2, 3];
+ check if ["a", "b"] == ["a", "b"];
+ check if ["a", "b", "c"].contains("c");
+ check if [1, 2, 3].starts_with([1, 2]);
+ check if [4, 5, 6 ].ends_with([6]);
+ check if [1,2, "a"].get(2) == "a";
+ check if [1, 2].get(3) == null;
+ check if [1,2,3].all($p -> $p > 0);
+ check if [1,2,3].any($p -> $p > 2);
+ // map
+ check if { "a": 1 , "b": 2, "c": 3, "d": 4}.length() == 4;
+ check if { 1: "a" , 2: "b"} != { "a": 1 , "b": 2};
+ check if { 1: "a" , 2: "b"} == { 2: "b", 1: "a" };
+ check if { "a": 1 , "b": 2, "c": 3, "d": 4}.contains("d");
+ check if { "a": 1 , "b": 2, 1: "A" }.get("a") == 1;
+ check if { "a": 1 , "b": 2, 1: "A" }.get(1) == "A";
+ check if { "a": 1 , "b": 2, 1: "A" }.get("c") == null;
+ check if { "a": 1 , "b": 2, 1: "A" }.get(2) == null;
+ check if { "a": 1 , "b": 2 }.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3 );
+ check if { "a": 1 , "b": 2, 1: "A" }.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A" );
+ // nesting
+ check if { "user": { "id": 1, "roles": ["admin"] } }.get("user").get("roles").contains("admin");
+ "#
+ )
+ .build_with_rng(&root, SymbolTable::default(), &mut rng)
+ .unwrap();
+ token = print_blocks(&biscuit);
+
+ let data = write_or_load_testcase(target, &filename, root, &biscuit, test);
+
+ let mut validations = BTreeMap::new();
+ validations.insert(
+ "".to_string(),
+ validate_token(root, &data[..], "allow if true"),
+ );
+
+ TestResult {
+ title,
+ filename,
+ token,
+ validations,
+ }
+}
 fn print_blocks(token: &Biscuit) -> Vec<BlockContent> {
  let mut v = Vec::new();
 

biscuit-auth/samples/README.md

@@ -841,7 +841,7 @@ allow if true;
 
 revocation ids:
 - `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006`
-- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00`
+- `da16dfc6d0db04e3378dedce4f0250792646e53408a9116e6d5e1651a4ed692d257e1f7b107cdc40fe6e47257d9c189b0d66a83991d67459608ea1807a9a9b04`
 
 authorizer world:
 ```
@@ -919,7 +919,7 @@ allow if true;
 
 revocation ids:
 - `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006`
-- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00`
+- `da16dfc6d0db04e3378dedce4f0250792646e53408a9116e6d5e1651a4ed692d257e1f7b107cdc40fe6e47257d9c189b0d66a83991d67459608ea1807a9a9b04`
 
 authorizer world:
 ```
@@ -1246,17 +1246,17 @@ check if 2020-12-04T09:46:41Z >= 2019-12-04T09:46:41Z;
 check if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z;
 check if 2020-12-04T09:46:41Z === 2020-12-04T09:46:41Z;
 check if hex:12ab === hex:12ab;
-check if [1, 2].contains(2);
-check if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z);
-check if [false, true].contains(true);
-check if ["abc", "def"].contains("abc");
-check if [hex:12ab, hex:34de].contains(hex:34de);
-check if [1, 2].contains([2]);
-check if [1, 2] === [1, 2];
-check if [1, 2].intersection([2, 3]) === [2];
-check if [1, 2].union([2, 3]) === [1, 2, 3];
-check if [1, 2, 3].intersection([1, 2]).contains(1);
-check if [1, 2, 3].intersection([1, 2]).length() === 2;
+check if {1, 2}.contains(2);
+check if {2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z}.contains(2020-12-04T09:46:41Z);
+check if {false, true}.contains(true);
+check if {"abc", "def"}.contains("abc");
+check if {hex:12ab, hex:34de}.contains(hex:34de);
+check if {1, 2}.contains({2});
+check if {1, 2} === {1, 2};
+check if {1, 2}.intersection({2, 3}) === {2};
+check if {1, 2}.union({2, 3}) === {1, 2, 3};
+check if {1, 2, 3}.intersection({1, 2}).contains(1);
+check if {1, 2, 3}.intersection({1, 2}).length() === 2;
 ```
 
 ### validation
@@ -1303,21 +1303,21 @@ World {
  "check if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z",
  "check if 2020-12-04T09:46:41Z >= 2020-12-04T09:46:41Z",
  "check if 3 === 3",
- "check if [\"abc\", \"def\"].contains(\"abc\")",
- "check if [1, 2, 3].intersection([1, 2]).contains(1)",
- "check if [1, 2, 3].intersection([1, 2]).length() === 2",
- "check if [1, 2] === [1, 2]",
- "check if [1, 2].contains(2)",
- "check if [1, 2].contains([2])",
- "check if [1, 2].intersection([2, 3]) === [2]",
- "check if [1, 2].union([2, 3]) === [1, 2, 3]",
- "check if [2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z].contains(2020-12-04T09:46:41Z)",
- "check if [false, true].contains(true)",
- "check if [hex:12ab, hex:34de].contains(hex:34de)",
  "check if false === false",
  "check if hex:12ab === hex:12ab",
  "check if true",
  "check if true === true",
+ "check if {\"abc\", \"def\"}.contains(\"abc\")",
+ "check if {1, 2, 3}.intersection({1, 2}).contains(1)",
+ "check if {1, 2, 3}.intersection({1, 2}).length() === 2",
+ "check if {1, 2} === {1, 2}",
+ "check if {1, 2}.contains(2)",
+ "check if {1, 2}.contains({2})",
+ "check if {1, 2}.intersection({2, 3}) === {2}",
+ "check if {1, 2}.union({2, 3}) === {1, 2, 3}",
+ "check if {2019-12-04T09:46:41Z, 2020-12-04T09:46:41Z}.contains(2020-12-04T09:46:41Z)",
+ "check if {false, true}.contains(true)",
+ "check if {hex:12ab, hex:34de}.contains(hex:34de)",
  ],
  },
 ]
@@ -1916,7 +1916,7 @@ allow if true;
 ```
 
 revocation ids:
-- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d`
+- `899e1fa26d72b860fa6a6e6d58e71cc873230260dcb41d3390e0703c6e134d955defbd0741c23272ac6e6abb2066a23cff2fe815dc5e5bfd712d177cf74ee108`
 
 authorizer world:
 ```
@@ -1971,7 +1971,7 @@ allow if true;
 ```
 
 revocation ids:
-- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d`
+- `899e1fa26d72b860fa6a6e6d58e71cc873230260dcb41d3390e0703c6e134d955defbd0741c23272ac6e6abb2066a23cff2fe815dc5e5bfd712d177cf74ee108`
 
 authorizer world:
 ```
@@ -2325,7 +2325,7 @@ allow if true;
 ```
 
 revocation ids:
-- `117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b`
+- `04f9b08f5cf677aa890fd830a4acc2a0ec7d4c9e2657d65ac691ae6512b549184fd7c6deaf17c446f12324a1c454fe373290fe8981bae69cc6054de7312da00f`
 
 authorizer world:
 ```
@@ -2776,11 +2776,11 @@ check if false || true;
 check if (true || false) && true;
 check if !(false && "x".intersection("x"));
 check if true || "x".intersection("x");
-check if [1, 2, 3].all($p -> $p > 0);
-check if ![1, 2, 3].all($p -> $p == 2);
-check if [1, 2, 3].any($p -> $p > 2);
-check if ![1, 2, 3].any($p -> $p > 3);
-check if [1, 2, 3].any($p -> $p > 1 && [3, 4, 5].any($q -> $p == $q));
+check if {1, 2, 3}.all($p -> $p > 0);
+check if !{1, 2, 3}.all($p -> $p == 2);
+check if {1, 2, 3}.any($p -> $p > 2);
+check if !{1, 2, 3}.any($p -> $p > 3);
+check if {1, 2, 3}.any($p -> $p > 1 && {3, 4, 5}.any($q -> $p == $q));
 ```
 
 ### validation
@@ -2805,15 +2805,15 @@ World {
  ),
  checks: [
  "check if !(false && \"x\".intersection(\"x\"))",
- "check if ![1, 2, 3].all($p -> $p == 2)",
- "check if ![1, 2, 3].any($p -> $p > 3)",
  "check if !false && true",
+ "check if !{1, 2, 3}.all($p -> $p == 2)",
+ "check if !{1, 2, 3}.any($p -> $p > 3)",
  "check if (true || false) && true",
- "check if [1, 2, 3].all($p -> $p > 0)",
- "check if [1, 2, 3].any($p -> $p > 1 && [3, 4, 5].any($q -> $p == $q))",
- "check if [1, 2, 3].any($p -> $p > 2)",
  "check if false || true",
  "check if true || \"x\".intersection(\"x\")",
+ "check if {1, 2, 3}.all($p -> $p > 0)",
+ "check if {1, 2, 3}.any($p -> $p > 1 && {3, 4, 5}.any($q -> $p == $q))",
+ "check if {1, 2, 3}.any($p -> $p > 2)",
  ],
  },
 ]
@@ -2846,15 +2846,15 @@ World {
  ),
  checks: [
  "check if !(false && \"x\".intersection(\"x\"))",
- "check if ![1, 2, 3].all($p -> $p == 2)",
- "check if ![1, 2, 3].any($p -> $p > 3)",
  "check if !false && true",
+ "check if !{1, 2, 3}.all($p -> $p == 2)",
+ "check if !{1, 2, 3}.any($p -> $p > 3)",
  "check if (true || false) && true",
- "check if [1, 2, 3].all($p -> $p > 0)",
- "check if [1, 2, 3].any($p -> $p > 1 && [3, 4, 5].any($q -> $p == $q))",
- "check if [1, 2, 3].any($p -> $p > 2)",
  "check if false || true",
  "check if true || \"x\".intersection(\"x\")",
+ "check if {1, 2, 3}.all($p -> $p > 0)",
+ "check if {1, 2, 3}.any($p -> $p > 1 && {3, 4, 5}.any($q -> $p == $q))",
+ "check if {1, 2, 3}.any($p -> $p > 2)",
  ],
  },
 ]
@@ -2866,3 +2866,91 @@ World {
 
 result: `Err(Execution(ShadowedVariable))`
 
+
+------------------------------
+
+## test array and map operations (v5 blocks): test033_array_map.bc
+### token
+
+authority:
+symbols: ["a", "b", "c", "p", "d", "A", "kv", "id", "roles"]
+
+public keys: []
+
+```
+check if [1, 2, 1].length() == 3;
+check if ["a", "b"] != [1, 2, 3];
+check if ["a", "b"] == ["a", "b"];
+check if ["a", "b", "c"].contains("c");
+check if [1, 2, 3].starts_with([1, 2]);
+check if [4, 5, 6].ends_with([6]);
+check if [1, 2, "a"].get(2) == "a";
+check if [1, 2].get(3) == null;
+check if [1, 2, 3].all($p -> $p > 0);
+check if [1, 2, 3].any($p -> $p > 2);
+check if {"a": 1, "b": 2, "c": 3, "d": 4}.length() == 4;
+check if {1: "a", 2: "b"} != {"a": 1, "b": 2};
+check if {1: "a", 2: "b"} == {1: "a", 2: "b"};
+check if {"a": 1, "b": 2, "c": 3, "d": 4}.contains("d");
+check if {1: "A", "a": 1, "b": 2}.get("a") == 1;
+check if {1: "A", "a": 1, "b": 2}.get(1) == "A";
+check if {1: "A", "a": 1, "b": 2}.get("c") == null;
+check if {1: "A", "a": 1, "b": 2}.get(2) == null;
+check if {"a": 1, "b": 2}.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3);
+check if {1: "A", "a": 1, "b": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A");
+check if {"user": {"id": 1, "roles": ["admin"]}}.get("user").get("roles").contains("admin");
+```
+
+### validation
+
+authorizer code:
+```
+allow if true;
+```
+
+revocation ids:
+- `7096e2ad9ad5dcae778cea1cee800ffc38017196e56aed693810d0933bcecc804a723768c3b494fa23d99be59ca3588bfa806e3fe2dac29d0ca9e452b69ead09`
+
+authorizer world:
+```
+World {
+ facts: []
+ rules: []
+ checks: [
+ Checks {
+ origin: Some(
+ 0,
+ ),
+ checks: [
+ "check if [\"a\", \"b\", \"c\"].contains(\"c\")",
+ "check if [\"a\", \"b\"] != [1, 2, 3]",
+ "check if [\"a\", \"b\"] == [\"a\", \"b\"]",
+ "check if [1, 2, \"a\"].get(2) == \"a\"",
+ "check if [1, 2, 1].length() == 3",
+ "check if [1, 2, 3].all($p -> $p > 0)",
+ "check if [1, 2, 3].any($p -> $p > 2)",
+ "check if [1, 2, 3].starts_with([1, 2])",
+ "check if [1, 2].get(3) == null",
+ "check if [4, 5, 6].ends_with([6])",
+ "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\")",
+ "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4",
+ "check if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3)",
+ "check if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\")",
+ "check if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\")",
+ "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1",
+ "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null",
+ "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(1) == \"A\"",
+ "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(2) == null",
+ "check if {1: \"a\", 2: \"b\"} != {\"a\": 1, \"b\": 2}",
+ "check if {1: \"a\", 2: \"b\"} == {1: \"a\", 2: \"b\"}",
+ ],
+ },
+]
+ policies: [
+ "allow if true",
+]
+}
+```
+
+result: `Ok(0)`
+