prototype

Signed-off-by: Shaobo He <[email protected]>
cedar-policy · Jan 9, 2025 · c056456 · c056456
1 parent 5073408
commit c056456
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 0 deletions.
diff --git a/cedar-policy-core/src/entities/conformance/err.rs b/cedar-policy-core/src/entities/conformance/err.rs
@@ -70,6 +70,10 @@ pub enum EntitySchemaConformanceError {
     #[error(transparent)]
     #[diagnostic(transparent)]
     ExtensionFunctionLookup(ExtensionFunctionLookup),
+    /// Returned when an entity is of an enumerated entity type but has invalid EID
+    #[error(transparent)]
+    #[diagnostic(transparent)]
+    InvalidEnumEntity(#[from] InvalidEnumEntity),
 }
 
 impl EntitySchemaConformanceError {
@@ -132,6 +136,16 @@ impl EntitySchemaConformanceError {
             err,
         })
     }
+
+    pub(crate) fn invalid_enum_entity(
+        uid: EntityUID,
+        choices: impl IntoIterator<Item = SmolStr>,
+    ) -> Self {
+        Self::InvalidEnumEntity(InvalidEnumEntity {
+            uid,
+            choices: choices.into_iter().collect(),
+        })
+    }
 }
 
 /// Error looking up an extension function. This error can occur when
@@ -277,3 +291,17 @@ impl Diagnostic for UnexpectedEntityTypeError {
         }
     }
 }
+
+/// Returned when an entity is of an enumerated entity type but has invalid EID
+//
+// CAUTION: this type is publicly exported in `cedar-policy`.
+// Don't make fields `pub`, don't make breaking changes, and use caution
+// when adding public methods.
+#[derive(Debug, Error, Diagnostic)]
+#[error("entity `{uid}` has invalid UID: `{}`", uid.eid().escaped())]
+pub struct InvalidEnumEntity {
+    /// Entity where the error occurred
+    uid: EntityUID,
+    /// Name of the attribute where the error occurred
+    choices: Vec<SmolStr>,
+}
diff --git a/cedar-policy-core/src/entities/json/entities.rs b/cedar-policy-core/src/entities/json/entities.rs
@@ -297,6 +297,18 @@ impl<'e, 's, S: Schema> EntityJsonParser<'e, 's, S> {
                 }
             }
         };
+        match &entity_schema_info {
+            EntitySchemaInfo::NonAction(desc) => {
+                if let Some(choices) = desc.choices() {
+                    if !choices.contains(uid.eid().as_ref()) {
+                        return Err(JsonDeserializationError::EntitySchemaConformance(
+                            EntitySchemaConformanceError::invalid_enum_entity(uid.clone(), choices),
+                        ));
+                    }
+                }
+            }
+            _ => {}
+        };
         let vparser = ValueParser::new(self.extensions);
         let attrs: HashMap<SmolStr, RestrictedExpr> = ejson
             .attrs