fix: Ensure at least one permission when calling allow. (#126)

tjholm · web-flow · commit 1034b9039495 · 2023-11-14T12:37:03.000+11:00
diff --git a/nitric/resources/buckets.py b/nitric/resources/buckets.py
@@ -69,9 +69,9 @@ def _perms_to_actions(self, *args: BucketPermission) -> List[int]:
     def _to_resource(self) -> Resource:
         return Resource(name=self.name, type=ResourceType.Bucket)  # type:ignore
 
-    def allow(self, *args: BucketPermission) -> BucketRef:
+    def allow(self, perm: BucketPermission, *args: BucketPermission) -> BucketRef:
         """Request the required permissions for this resource."""
-        str_args = [str(permission) for permission in args]
+        str_args = [str(perm)] + [str(permission) for permission in args]
         self._register_policy(*str_args)
 
         return Storage().bucket(self.name)
diff --git a/nitric/resources/collections.py b/nitric/resources/collections.py
@@ -67,10 +67,10 @@ def _perms_to_actions(self, *args: CollectionPermission) -> List[int]:
 
         return [action for perm in args for action in permission_actions_map[perm]]
 
-    def allow(self, *args: CollectionPermission) -> CollectionRef:
+    def allow(self, perm: CollectionPermission, *args: CollectionPermission) -> CollectionRef:
         """Request the required permissions for this collection."""
         # Ensure registration of the resource is complete before requesting permissions.
-        str_args = [str(permission) for permission in args]
+        str_args = [str(perm)] + [str(permission) for permission in args]
         self._register_policy(*str_args)
 
         return Documents().collection(self.name)
diff --git a/nitric/resources/queues.py b/nitric/resources/queues.py
@@ -65,10 +65,10 @@ async def _register(self) -> None:
         except GRPCError as grpc_err:
             raise exception_from_grpc_error(grpc_err)
 
-    def allow(self, *args: QueuePermission) -> QueueRef:
+    def allow(self, perm: QueuePermission, *args: QueuePermission) -> QueueRef:
         """Request the required permissions for this queue."""
         # Ensure registration of the resource is complete before requesting permissions.
-        str_args = [str(permission) for permission in args]
+        str_args = [str(perm)] + [str(permission) for permission in args]
         self._register_policy(*str_args)
 
         return Queues().queue(self.name)
diff --git a/nitric/resources/secrets.py b/nitric/resources/secrets.py
@@ -66,9 +66,9 @@ def _perms_to_actions(self, *args: SecretPermission) -> List[int]:
 
         return [action for perm in args for action in permissions_actions_map[perm]]
 
-    def allow(self, *args: SecretPermission) -> SecretContainerRef:
+    def allow(self, perm: SecretPermission, *args: SecretPermission) -> SecretContainerRef:
         """Request the specified permissions to this resource."""
-        str_args = [str(permission) for permission in args]
+        str_args = [str(perm)] + [str(permission) for permission in args]
         self._register_policy(*str_args)
 
         return Secrets().secret(self.name)
diff --git a/nitric/resources/topics.py b/nitric/resources/topics.py
@@ -63,9 +63,9 @@ def _perms_to_actions(self, *args: TopicPermission) -> List[int]:
 
         return [action for perm in args for action in _permMap[perm]]
 
-    def allow(self, *args: TopicPermission) -> TopicRef:
+    def allow(self, perm: TopicPermission, *args: TopicPermission) -> TopicRef:
         """Request the specified permissions to this resource."""
-        str_args = [str(permission) for permission in args]
+        str_args = [perm] + [str(permission) for permission in args]
         self._register_policy(*str_args)
 
         return Events().topic(self.name)
