feat: return the matched allow policy in authorize()

not just the policy id. this makes the API easier to understand (in many cases, the first policy is matched, so the return value is `0`, which is falsy)

Author: divarvel

biscuit_test.py

@@ -267,7 +267,7 @@ def test_complete_lifecycle():
 
     policy = authorizer.authorize()
 
-    assert policy == 0
+    assert policy == {'code': 'allow if user("1234")', 'policy_id': 0}
 
     rule = Rule("u($id) <- user($id), $id == {id}", { 'id': "1234"})
     facts = authorizer.query(rule)
@@ -300,7 +300,7 @@ def test_snapshot():
 
     policy = parsed.authorize()
 
-    assert policy == 0
+    assert policy == {'code': 'allow if user("1234")', 'policy_id': 0}
 
     rule = Rule("u($id) <- user($id), $id == {id}", { 'id': "1234"})
     facts = parsed.query(rule)
@@ -315,7 +315,7 @@ def test_snapshot():
 
     raw_policy = parsed_from_raw.authorize()
 
-    assert raw_policy == 0
+    assert raw_policy == {'code': 'allow if user("1234")', 'policy_id': 0}
 
     rule = Rule("u($id) <- user($id), $id == {id}", { 'id': "1234"})
     raw_facts = parsed_from_raw.query(rule)
@@ -471,5 +471,4 @@ def test(left, right):
       'other': lambda x : x == 2,
     })
     policy = authorizer.build_unauthenticated().authorize()
-    assert policy == 0
-
+    assert policy == {'code': 'allow if 1.extern::test(1)', 'policy_id': 0}

src/lib.rs

@@ -47,7 +47,7 @@ struct AuthorizationErrorData {
 }
 
 #[derive(IntoPyObject)]
-struct MatchedPolicyData {
+pub struct MatchedPolicyData {
     policy_id: usize,
     code: String,
 }
@@ -807,15 +807,16 @@ impl PyAuthorizer {
     ///
     /// :return: the index of the matched allow rule
     /// :rtype: int
-    pub fn authorize(&mut self) -> PyResult<usize> {
-        self.0.authorize().map_err(|error| match error {
+    pub fn authorize(&mut self) -> PyResult<MatchedPolicyData> {
+        let all_policies = self.0.dump().3;
+        let policy_id = self.0.authorize().map_err(|error| match error {
             error::Token::FailedLogic(error::Logic::Unauthorized {
                 policy: MatchedPolicy::Deny(pid),
                 checks,
             }) => AuthorizationError::new_err(AuthorizationErrorData {
                 matched_policy: Some(MatchedPolicyData {
                     policy_id: pid,
-                    code: self.0.dump().3.get(pid).unwrap().to_string(),
+                    code: all_policies.get(pid).unwrap().to_string(),
                 }),
                 checks: checks
                     .into_iter()
@@ -838,6 +839,11 @@ impl PyAuthorizer {
                     .collect(),
             }),
             _ => AuthorizationError::new_err(error.to_string()),
+        })?;
+
+        Ok(MatchedPolicyData {
+            policy_id,
+            code: all_policies.get(policy_id).unwrap().to_string(),
         })
     }