[TT-14365]Test/apply policies restricted types fix (#7020)

andrei-tyk · Tit Petric · buger · web-flow · commit 0fce23c4979d · 2025-04-16T09:37:30.000Z
### **User description** <details open> <summary><a href="https://tyktech.atlassian.net/browse/TT-14365" title="TT-14365" target="_blank">TT-14365</a></summary> <br /> <table> <tr> <th>Summary</th> <td>Issue merging field based permissions, allowed_types should be merged</td> </tr> <tr> <th>Type</th> <td> <img alt="Bug" src="https://tyktech.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium" /> Bug </td> </tr> <tr> <th>Status</th> <td>In Dev</td> </tr> <tr> <th>Points</th> <td>N/A</td> </tr> <tr> <th>Labels</th> <td><a href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20Commercial_candidate_rel2-2025%20ORDER%20BY%20created%20DESC" title="Commercial_candidate_rel2-2025">Commercial_candidate_rel2-2025</a>, <a href="https://tyktech.atlassian.net/issues?jql=project%20%3D%20TT%20AND%20labels%20%3D%20QA_Fail%20ORDER%20BY%20created%20DESC" title="QA_Fail">QA_Fail</a></td> </tr> </table> </details>  ---  ## Description  ## Related Issue     ## Motivation and Context  ## How This Has Been Tested     ## Screenshots (if appropriate) ## Types of changes  - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality) ## Checklist    - [ ] I ensured that the documentation is up to date - [ ] I explained why this PR updates go.mod in detail with reasoning why it's required - [ ] I would like a code coverage CI quality gate exception and have explained why ___ ### **PR Type** Bug fix ___ ### **Description** - Map existing restricted types to indices - Intersect fields for common restricted types - Append non-existing restricted types from new policy ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>apply.go</strong><dd><code>Update merging logic for restricted types in policies</code>&nbsp; &nbsp; &nbsp; &nbsp; </dd></summary> <hr> internal/policy/apply.go <li>Introduced a map to track indices of restricted types<br> <li> Updated field intersection when types exist in both policies<br> <li> Append new restricted types when missing </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/7020/files#diff-59b92e9d31f142f1d99b746eb3ff7db4e26bf6c3044c9b87b58034a947ee04d1">+11/-4</a>&nbsp; &nbsp; </td> </tr> </table></td></tr></tr></tbody></table> ___ > <details> <summary> Need help?</summary><li>Type <code>/help how to ...</code> in the comments thread for any questions about PR-Agent usage.</li><li>Check out the <a href="https://qodo-merge-docs.qodo.ai/usage-guide/">documentation</a> for more information.</li></details> --------- Co-authored-by: Tit Petric <tit@tyk.io> Co-authored-by: Leonid Bugaev <leonsbox@gmail.com>
diff --git a/internal/policy/apply.go b/internal/policy/apply.go
@@ -382,12 +382,24 @@ func (t *Service) applyPartitions(policy user.Policy, session *user.SessionState
 				if len(r.RestrictedTypes) == 0 {
 					r.RestrictedTypes = v.RestrictedTypes
 				} else {
+					// Create a map to track which types have been processed
+					processedTypes := make(map[string]bool)
+
 					for _, t := range v.RestrictedTypes {
+						typeFound := false
 						for ri, rt := range r.RestrictedTypes {
 							if t.Name == rt.Name {
-								r.RestrictedTypes[ri].Fields = intersection(rt.Fields, t.Fields)
+								// Merge fields for existing types
+								r.RestrictedTypes[ri].Fields = appendIfMissing(rt.Fields, t.Fields...)
+								typeFound = true
+								processedTypes[t.Name] = true
+								break
 							}
 						}
+						// Add new types that don't exist in destination
+						if !typeFound {
+							r.RestrictedTypes = append(r.RestrictedTypes, t)
+						}
 					}
 				}
 
@@ -397,12 +409,24 @@ func (t *Service) applyPartitions(policy user.Policy, session *user.SessionState
 				if len(r.AllowedTypes) == 0 {
 					r.AllowedTypes = v.AllowedTypes
 				} else {
+					// Create a map to track which types have been processed
+					processedTypes := make(map[string]bool)
+
 					for _, t := range v.AllowedTypes {
+						typeFound := false
 						for ri, rt := range r.AllowedTypes {
 							if t.Name == rt.Name {
+								// Merge fields for existing types
 								r.AllowedTypes[ri].Fields = appendIfMissing(rt.Fields, t.Fields...)
+								typeFound = true
+								processedTypes[t.Name] = true
+								break
 							}
 						}
+						// Add new types that don't exist in destination
+						if !typeFound {
+							r.AllowedTypes = append(r.AllowedTypes, t)
+						}
 					}
 				}
 
diff --git a/internal/policy/apply_test.go b/internal/policy/apply_test.go
@@ -761,8 +761,8 @@ func testPrepareApplyPolicies(tb testing.TB) (*policy.Service, []testApplyPolici
 				want := map[string]user.AccessDefinition{
 					"a": {
 						RestrictedTypes: []graphql.Type{
-							{Name: "Country", Fields: []string{"code"}},
-							{Name: "Person", Fields: []string{"name"}},
+							{Name: "Country", Fields: []string{"code", "name", "phone"}},
+							{Name: "Person", Fields: []string{"name", "height", "mass"}},
 						},
 						Limit: user.APILimit{},
 					},
@@ -784,8 +784,8 @@ func testPrepareApplyPolicies(tb testing.TB) (*policy.Service, []testApplyPolici
 							{Name: "Person", Fields: []string{"name", "height", "mass"}},
 						},
 						RestrictedTypes: []graphql.Type{
-							{Name: "Dog", Fields: []string{"name", "breed"}},
-							{Name: "Cat", Fields: []string{"name"}},
+							{Name: "Dog", Fields: []string{"name", "breed", "country"}},
+							{Name: "Cat", Fields: []string{"name", "country"}},
 						},
 						Limit: user.APILimit{},
 					},
