refactor: add type-safe BSON helpers in writer_security

Author: retran

sdk/mpr/writer_security.go

@@ -4,6 +4,7 @@ package mpr
 
 import (
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/mendixlabs/mxcli/model"
@@ -12,6 +13,28 @@ import (
 	"go.mongodb.org/mongo-driver/bson/primitive"
 )
 
+// bsonString extracts a string from an interface value, logging unexpected types.
+func bsonString(v any, field string) string {
+	if s, ok := v.(string); ok {
+		return s
+	}
+	if v != nil {
+		log.Printf("warning: writer_security: expected string for %q, got %T", field, v)
+	}
+	return ""
+}
+
+// bsonBool extracts a bool from an interface value, logging unexpected types.
+func bsonBool(v any, field string) bool {
+	if b, ok := v.(bool); ok {
+		return b
+	}
+	if v != nil {
+		log.Printf("warning: writer_security: expected bool for %q, got %T", field, v)
+	}
+	return false
+}
+
 // GetRawUnitBytes reads the raw BSON bytes for a unit by ID.
 // This returns unprocessed bytes suitable for raw BSON patching.
 func (r *Reader) GetRawUnitBytes(id model.ID) ([]byte, error) {
@@ -251,7 +274,7 @@ func (w *Writer) RemoveModuleRole(unitID model.ID, roleName string) error {
 				name := ""
 				for _, f := range roleDoc {
 					if f.Key == "Name" {
-						name, _ = f.Value.(string)
+						name = bsonString(f.Value, "Name")
 						break
 					}
 				}
@@ -325,7 +348,7 @@ func (w *Writer) AlterUserRoleModuleRoles(unitID model.ID, userRoleName string,
 			name := ""
 			for _, f := range roleDoc {
 				if f.Key == "Name" {
-					name, _ = f.Value.(string)
+					name = bsonString(f.Value, "Name")
 					break
 				}
 			}
@@ -476,7 +499,7 @@ func (w *Writer) RemoveUserRole(unitID model.ID, name string) error {
 				roleName := ""
 				for _, f := range roleDoc {
 					if f.Key == "Name" {
-						roleName, _ = f.Value.(string)
+						roleName = bsonString(f.Value, "Name")
 						break
 					}
 				}
@@ -530,7 +553,7 @@ func (w *Writer) RemoveDemoUser(unitID model.ID, userName string) error {
 				name := ""
 				for _, f := range userDoc {
 					if f.Key == "UserName" {
-						name, _ = f.Value.(string)
+						name = bsonString(f.Value, "UserName")
 						break
 					}
 				}
@@ -582,7 +605,7 @@ func (w *Writer) AddEntityAccessRule(unitID model.ID, entityName string, roleNam
 			name := ""
 			for _, f := range entityDoc {
 				if f.Key == "Name" {
-					name, _ = f.Value.(string)
+					name = bsonString(f.Value, "Name")
 					break
 				}
 			}
@@ -767,11 +790,11 @@ func mergeAccessRule(existing, newRule bson.D) bson.D {
 			for _, mf := range maDoc {
 				switch mf.Key {
 				case "Attribute":
-					ref = mf.Value.(string)
+					ref = bsonString(mf.Value, "Attribute")
 				case "Association":
-					ref = mf.Value.(string)
+					ref = bsonString(mf.Value, "Association")
 				case "AccessRights":
-					rights, _ = mf.Value.(string)
+					rights = bsonString(mf.Value, "AccessRights")
 				}
 			}
 			if ref != "" {
@@ -786,32 +809,32 @@ func mergeAccessRule(existing, newRule bson.D) bson.D {
 	for _, f := range existing {
 		switch f.Key {
 		case "AllowCreate":
-			existCreate, _ = f.Value.(bool)
+			existCreate = bsonBool(f.Value, "AllowCreate")
 		case "AllowDelete":
-			existDelete, _ = f.Value.(bool)
+			existDelete = bsonBool(f.Value, "AllowDelete")
 		case "DefaultMemberAccessRights":
-			existDefault, _ = f.Value.(string)
+			existDefault = bsonString(f.Value, "DefaultMemberAccessRights")
 		case "XPathConstraint":
-			existXPath, _ = f.Value.(string)
+			existXPath = bsonString(f.Value, "XPathConstraint")
 		}
 	}
 
 	// Merge into newRule
 	for i, f := range newRule {
 		switch f.Key {
 		case "AllowCreate":
-			newVal, _ := f.Value.(bool)
+			newVal := bsonBool(f.Value, "AllowCreate")
 			newRule[i].Value = newVal || existCreate
 		case "AllowDelete":
-			newVal, _ := f.Value.(bool)
+			newVal := bsonBool(f.Value, "AllowDelete")
 			newRule[i].Value = newVal || existDelete
 		case "DefaultMemberAccessRights":
-			newVal, _ := f.Value.(string)
+			newVal := bsonString(f.Value, "DefaultMemberAccessRights")
 			if accessRightsLevel(existDefault) > accessRightsLevel(newVal) {
 				newRule[i].Value = existDefault
 			}
 		case "XPathConstraint":
-			newVal, _ := f.Value.(string)
+			newVal := bsonString(f.Value, "XPathConstraint")
 			if newVal == "" && existXPath != "" {
 				newRule[i].Value = existXPath
 			}
@@ -829,11 +852,11 @@ func mergeAccessRule(existing, newRule bson.D) bson.D {
 				for _, mf := range maDoc {
 					switch mf.Key {
 					case "Attribute":
-						ref = mf.Value.(string)
+						ref = bsonString(mf.Value, "Attribute")
 					case "Association":
-						ref = mf.Value.(string)
+						ref = bsonString(mf.Value, "Association")
 					case "AccessRights":
-						newRights, _ = mf.Value.(string)
+						newRights = bsonString(mf.Value, "AccessRights")
 					}
 				}
 				if ref == "" {
@@ -885,7 +908,7 @@ func (w *Writer) RemoveEntityAccessRule(unitID model.ID, entityName string, role
 			name := ""
 			for _, f := range entityDoc {
 				if f.Key == "Name" {
-					name, _ = f.Value.(string)
+					name = bsonString(f.Value, "Name")
 					break
 				}
 			}
@@ -1016,7 +1039,7 @@ func (w *Writer) RevokeEntityMemberAccess(unitID model.ID, entityName string, ro
 			name := ""
 			for _, f := range entityDoc {
 				if f.Key == "Name" {
-					name, _ = f.Value.(string)
+					name = bsonString(f.Value, "Name")
 					break
 				}
 			}
@@ -1073,7 +1096,7 @@ func (w *Writer) RevokeEntityMemberAccess(unitID model.ID, entityName string, ro
 								ruleDoc[k].Value = "None"
 								ruleModified = true
 							} else if revocation.RevokeWriteAll {
-								cur, _ := rf.Value.(string)
+								cur := bsonString(rf.Value, "DefaultMemberAccessRights")
 								if cur == "ReadWrite" {
 									ruleDoc[k].Value = "ReadOnly"
 									ruleModified = true
@@ -1093,11 +1116,11 @@ func (w *Writer) RevokeEntityMemberAccess(unitID model.ID, entityName string, ro
 								for _, mf := range maDoc {
 									switch mf.Key {
 									case "Attribute":
-										ref = mf.Value.(string)
+										ref = bsonString(mf.Value, "Attribute")
 									case "Association":
-										ref = mf.Value.(string)
+										ref = bsonString(mf.Value, "Association")
 									case "AccessRights":
-										rights, _ = mf.Value.(string)
+										rights = bsonString(mf.Value, "AccessRights")
 									}
 								}
 								if ref == "" {
@@ -1267,7 +1290,7 @@ func (w *Writer) ReconcileMemberAccesses(unitID model.ID, moduleName string) (in
 			entityName := ""
 			for _, f := range entityDoc {
 				if f.Key == "Name" {
-					entityName, _ = f.Value.(string)
+					entityName = bsonString(f.Value, "Name")
 					break
 				}
 			}
@@ -1288,7 +1311,7 @@ func (w *Writer) ReconcileMemberAccesses(unitID model.ID, moduleName string) (in
 				isCalculated := false
 				for _, f := range attrDoc {
 					if f.Key == "Name" {
-						attrName, _ = f.Value.(string)
+						attrName = bsonString(f.Value, "Name")
 					}
 					if f.Key == "Value" {
 						if valueDoc, ok := f.Value.(bson.D); ok {
@@ -1363,7 +1386,7 @@ func (w *Writer) ReconcileMemberAccesses(unitID model.ID, moduleName string) (in
 					case "ParentPointer":
 						aParentID = extractBsonIDValue(f.Value)
 					case "Name":
-						aName, _ = f.Value.(string)
+						aName = bsonString(f.Value, "Name")
 					}
 				}
 				if aParentID == entityID && aName != "" {
@@ -1382,7 +1405,7 @@ func (w *Writer) ReconcileMemberAccesses(unitID model.ID, moduleName string) (in
 						parentID = extractBsonIDValue(f.Value)
 					}
 					if f.Key == "Name" {
-						caName, _ = f.Value.(string)
+						caName = bsonString(f.Value, "Name")
 					}
 				}
 				if parentID == entityID && caName != "" {
@@ -1461,10 +1484,10 @@ func (w *Writer) ReconcileMemberAccesses(unitID model.ID, moduleName string) (in
 							assocRef := ""
 							for _, mf := range maDoc {
 								if mf.Key == "Attribute" {
-									attrRef, _ = mf.Value.(string)
+									attrRef = bsonString(mf.Value, "Attribute")
 								}
 								if mf.Key == "Association" {
-									assocRef, _ = mf.Value.(string)
+									assocRef = bsonString(mf.Value, "Association")
 								}
 							}
 

sdk/mpr/writer_security_test.go

@@ -3,6 +3,8 @@
 package mpr
 
 import (
+	"io"
+	"log"
 	"testing"
 
 	"go.mongodb.org/mongo-driver/bson"
@@ -124,3 +126,58 @@ func TestRemoveRolesFromAccessRule_ThreeRoles_RemoveMiddle(t *testing.T) {
 		t.Errorf("expected [Mod.A, Mod.C], got %v", names)
 	}
 }
+
+// =============================================================================
+// bsonString / bsonBool — unexpected types must not panic
+// =============================================================================
+
+func TestBsonHelpers_UnexpectedTypes_NoPanic(t *testing.T) {
+	log.SetOutput(io.Discard)
+	defer log.SetOutput(nil)
+
+	// bsonString with non-string values
+	if s := bsonString(42, "test"); s != "" {
+		t.Errorf("expected empty string, got %q", s)
+	}
+	if s := bsonString(nil, "test"); s != "" {
+		t.Errorf("expected empty string for nil, got %q", s)
+	}
+	if s := bsonString(true, "test"); s != "" {
+		t.Errorf("expected empty string for bool, got %q", s)
+	}
+
+	// bsonBool with non-bool values
+	if b := bsonBool("true", "test"); b {
+		t.Error("expected false for string input")
+	}
+	if b := bsonBool(nil, "test"); b {
+		t.Error("expected false for nil")
+	}
+	if b := bsonBool(42, "test"); b {
+		t.Error("expected false for int input")
+	}
+}
+
+func TestMergeAccessRule_UnexpectedTypes_NoPanic(t *testing.T) {
+	log.SetOutput(io.Discard)
+	defer log.SetOutput(nil)
+
+	existing := bson.D{
+		{Key: "$Type", Value: "DomainModels$AccessRule"},
+		{Key: "AllowCreate", Value: 42},          // wrong type: int instead of bool
+		{Key: "AllowDelete", Value: "not-a-bool"}, // wrong type: string instead of bool
+		{Key: "DefaultMemberAccessRights", Value: 99},
+	}
+	newRule := bson.D{
+		{Key: "$Type", Value: "DomainModels$AccessRule"},
+		{Key: "AllowCreate", Value: true},
+		{Key: "AllowDelete", Value: false},
+		{Key: "DefaultMemberAccessRights", Value: "ReadWrite"},
+	}
+
+	// Must not panic
+	result := mergeAccessRule(existing, newRule)
+	if result == nil {
+		t.Error("expected non-nil result")
+	}
+}