From 04c995fa9c9f45e56315c9cf51bfd8e7850cfb98 Mon Sep 17 00:00:00 2001 From: Blake Regalia Date: Thu, 5 Dec 2024 15:56:49 -0800 Subject: [PATCH] fix: quad filter --- .../org/openmbee/flexo/mms/GuardedPatch.kt | 8 +- .../flexo/mms/util/LinkedDataPlatform.kt | 76 ++++++++++++++++--- 2 files changed, 73 insertions(+), 11 deletions(-) diff --git a/src/main/kotlin/org/openmbee/flexo/mms/GuardedPatch.kt b/src/main/kotlin/org/openmbee/flexo/mms/GuardedPatch.kt index 62f4d75..3f32a0b 100644 --- a/src/main/kotlin/org/openmbee/flexo/mms/GuardedPatch.kt +++ b/src/main/kotlin/org/openmbee/flexo/mms/GuardedPatch.kt @@ -15,7 +15,11 @@ import org.openmbee.flexo.mms.server.SparqlUpdateRequest fun quadDataFilter(subjectIri: String): (Quad)->Boolean { return { - it.subject.isURI && it.subject.uri == subjectIri && !it.predicate.uri.contains(FORBIDDEN_PREDICATES_REGEX) + if(it.subject.isURI && it.subject.uri == subjectIri && it.predicate.uri.contains(FORBIDDEN_PREDICATES_REGEX)) { + throw Http400Exception("User not allowed to use IRIs in the namespace <${it.predicate.uri}>") + } + + true } } @@ -25,7 +29,7 @@ fun quadPatternFilter(subjectIri: String): (Quad)->Boolean { throw VariablesNotAllowedInUpdateException("subject") } else if(!it.subject.isURI || it.subject.uri != subjectIri) { - throw Http400Exception("All subjects must be exactly <${subjectIri}>. Refusing to evalute ${it.subject}") + throw Http400Exception("All subjects must be exactly <${subjectIri}>. Refusing to evaluate ${it.subject}") } else if(it.predicate.isVariable) { throw VariablesNotAllowedInUpdateException("predicate") diff --git a/src/test/kotlin/org/openmbee/flexo/mms/util/LinkedDataPlatform.kt b/src/test/kotlin/org/openmbee/flexo/mms/util/LinkedDataPlatform.kt index c15c53e..6352f96 100644 --- a/src/test/kotlin/org/openmbee/flexo/mms/util/LinkedDataPlatform.kt +++ b/src/test/kotlin/org/openmbee/flexo/mms/util/LinkedDataPlatform.kt @@ -495,18 +495,16 @@ class LinkedDataPlatformDirectContainerTests( } } - "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad delete" { + "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad delete data" { val createdBase = resourceCreator() // This creates a tuple withTest { httpPatch(resourcePath) { setSparqlUpdateBody( - withAllTestPrefixes( - """ - delete data { - <> mms:id . - } - """.trimIndent() - ) + withAllTestPrefixes(""" + delete data { + <> mms:id . + } + """.trimIndent()) ) }.apply { response shouldHaveStatus HttpStatusCode.BadRequest @@ -514,7 +512,7 @@ class LinkedDataPlatformDirectContainerTests( } } - "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad insert" { + "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad insert data" { val createdBase = resourceCreator() withTest { httpPatch(resourcePath) { @@ -528,6 +526,66 @@ class LinkedDataPlatformDirectContainerTests( } } } + + "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad delete pattern" { + val createdBase = resourceCreator() // This creates a tuple + withTest { + httpPatch(resourcePath) { + setSparqlUpdateBody( + withAllTestPrefixes(""" + delete { + <> mms:id . + } + where { + ?s ?p ?o . + } + """.trimIndent()) + ) + }.apply { + response shouldHaveStatus HttpStatusCode.BadRequest + } + } + } + + "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad insert pattern" { + val createdBase = resourceCreator() // This creates a tuple + withTest { + httpPatch(resourcePath) { + setSparqlUpdateBody( + withAllTestPrefixes(""" + insert { + <> mms:id . + } + where { + ?s ?p ?o . + } + """.trimIndent()) + ) + }.apply { + response shouldHaveStatus HttpStatusCode.BadRequest + } + } + } + + "PATCH $resourcePath - SPARQL UPDATE: patch branch with bad delete predicate variable" { + val createdBase = resourceCreator() // This creates a tuple + withTest { + httpPatch(resourcePath) { + setSparqlUpdateBody( + withAllTestPrefixes(""" + delete { + <> ?p . + } + where { + ?s ?p ?o . + } + """.trimIndent()) + ) + }.apply { + response shouldHaveStatus HttpStatusCode.BadRequest + } + } + } }