Merge pull request #577 from telefonicaid/fix/check_role_admin_in_service

Fix/check role admin in service

Author: fgalan

CHANGES_NEXT_RELEASE

@@ -1 +1 @@
-
+- Fix: check rol admin in service when local pdp

lib/services/pdp.js

@@ -88,13 +88,13 @@ function validationRequest(logger, roles, frn, action, headers, callback) {
         let matchedRole = null;
 
         for (const role of roles) {
-            const name = role.name || '';
-            const parts = name.split('#');
-            if (parts.length !== 2) {
-                continue;
-            }
+            const name = (role.name || '').trim();
 
-            const roleInfo = parts[1];
+            // if name role with '#', then get right part; otherwise name as is
+            const hashParts = name.split('#');
+            const roleInfoRaw = (hashParts.length === 2 ? hashParts[1] : hashParts[0]).trim();
+            // Alias: admin (without #) = ServiceAdmin for all components
+            const roleInfo = /^admin$/i.test(roleInfoRaw) ? 'ServiceAdmin' : roleInfoRaw;
 
             // Try extrat type and component (i.e.: ServiceCustomerORION)
             let match = roleInfo.match(

test/unit/validate_user_local_pdp_action_test.js

@@ -107,6 +107,19 @@ describe('Local PDP validationRequest decision tree', function () {
         .catch(done);
     });
 
+    it('admin without component can READ ORION at service level', function (done) {
+        runValidation({
+            roles: [{ id: '1', name: 'admin' }],
+            frn: 'fiware:orion:smartcity:/:::',
+            action: 'create'
+        })
+        .then(function (decision) {
+            decision.should.equal('Permit');
+            done();
+        })
+        .catch(done);
+    });
+
     it('ServiceCustomer without component cannot CREATE in ORION', function (done) {
         runValidation({
             roles: [{ id: '1', name: 'x#ServiceCustomer' }],