Fix expected behaviouor for merging allowed types

Tit Petric · Tit Petric · commit d031ee77e85f · 2025-03-19T13:26:56.000+01:00
diff --git a/internal/policy/apply.go b/internal/policy/apply.go
@@ -375,6 +375,10 @@ func (t *Service) applyPartitions(policy user.Policy, session *user.SessionState
 
 				r.AllowedURLs = MergeAllowedURLs(r.AllowedURLs, v.AllowedURLs)
 
+				// When two or more non-empty policies are applied, only the
+				// fields restricted by all policies are in the resulting policy.
+				// A merge of `[a b]` and `[b c]` becomes `[b]`, as `b` is
+				// restricted by both of the policies.
 				if len(r.RestrictedTypes) == 0 {
 					r.RestrictedTypes = v.RestrictedTypes
 				} else {
@@ -387,13 +391,16 @@ func (t *Service) applyPartitions(policy user.Policy, session *user.SessionState
 					}
 				}
 
+				// When two or more non-empty policies are applied, the fields allowed
+				// are merged in the resulting policy. For an example, `[a b]` and `[b c]`,
+				// results in a polict that allows `[a b c]`.
 				if len(r.AllowedTypes) == 0 {
 					r.AllowedTypes = v.AllowedTypes
 				} else {
 					for _, t := range v.AllowedTypes {
 						for ri, rt := range r.AllowedTypes {
 							if t.Name == rt.Name {
-								r.AllowedTypes[ri].Fields = intersection(rt.Fields, t.Fields)
+								r.AllowedTypes[ri].Fields = appendIfMissing(rt.Fields, t.Fields...)
 							}
 						}
 					}
diff --git a/internal/policy/apply_test.go b/internal/policy/apply_test.go
@@ -759,7 +759,7 @@ func testPrepareApplyPolicies(tb testing.TB) (*policy.Service, []testApplyPolici
 				t.Helper()
 
 				want := map[string]user.AccessDefinition{
-					"a": { // It should get intersection of restricted types.
+					"a": {
 						RestrictedTypes: []graphql.Type{
 							{Name: "Country", Fields: []string{"code"}},
 							{Name: "Person", Fields: []string{"name"}},
@@ -777,12 +777,11 @@ func testPrepareApplyPolicies(tb testing.TB) (*policy.Service, []testApplyPolici
 			sessMatch: func(t *testing.T, s *user.SessionState) {
 				t.Helper()
 
-				// It should get intersection of allowed/restricted types.
 				want := map[string]user.AccessDefinition{
 					"a": {
 						AllowedTypes: []graphql.Type{
-							{Name: "Country", Fields: []string{"code"}},
-							{Name: "Person", Fields: []string{"name"}},
+							{Name: "Country", Fields: []string{"code", "name", "phone"}},
+							{Name: "Person", Fields: []string{"name", "height", "mass"}},
 						},
 						RestrictedTypes: []graphql.Type{
 							{Name: "Dog", Fields: []string{"name", "breed"}},

Original file line number	Diff line number	Diff line change
`@@ -375,6 +375,10 @@ func (t Service) applyPartitions(policy user.Policy, session user.SessionState`
`375`	`375`
`376`	`376`	`r.AllowedURLs = MergeAllowedURLs(r.AllowedURLs, v.AllowedURLs)`
`377`	`377`
	`378`	`+ // When two or more non-empty policies are applied, only the`
	`379`	`+ // fields restricted by all policies are in the resulting policy.`
	`380`	+ // A merge of `[a b]` and `[b c]` becomes `[b]`, as `b` is
	`381`	`+ // restricted by both of the policies.`
`378`	`382`	`if len(r.RestrictedTypes) == 0 {`
`379`	`383`	`r.RestrictedTypes = v.RestrictedTypes`
`380`	`384`	`} else {`
`@@ -387,13 +391,16 @@ func (t Service) applyPartitions(policy user.Policy, session user.SessionState`
`387`	`391`	`}`
`388`	`392`	`}`
`389`	`393`
	`394`	`+ // When two or more non-empty policies are applied, the fields allowed`
	`395`	+ // are merged in the resulting policy. For an example, `[a b]` and `[b c]`,
	`396`	+ // results in a polict that allows `[a b c]`.
`390`	`397`	`if len(r.AllowedTypes) == 0 {`
`391`	`398`	`r.AllowedTypes = v.AllowedTypes`
`392`	`399`	`} else {`
`393`	`400`	`for _, t := range v.AllowedTypes {`
`394`	`401`	`for ri, rt := range r.AllowedTypes {`
`395`	`402`	`if t.Name == rt.Name {`
`396`		`- r.AllowedTypes[ri].Fields = intersection(rt.Fields, t.Fields)`
	`403`	`+ r.AllowedTypes[ri].Fields = appendIfMissing(rt.Fields, t.Fields...)`
`397`	`404`	`}`
`398`	`405`	`}`
`399`	`406`	`}`