From d7af4b2cf9b8048b293d2c325bd3d6c74cd90110 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Wed, 1 Jul 2015 18:23:55 -0400
Subject: [PATCH] added scope consistent check to resource set service
---
 .../impl/DefaultResourceSetService.java | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
index 14716e224..0cbd2a074 100644
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java
@@ -19,6 +19,7 @@ package org.mitre.uma.service.impl;
 import java.util.Collection;
+import org.mitre.uma.model.Policy;
 import org.mitre.uma.model.ResourceSet;
 import org.mitre.uma.repository.ResourceSetRepository;
 import org.mitre.uma.service.ResourceSetService;
@@ -48,6 +49,10 @@ public class DefaultResourceSetService implements ResourceSetService {
 throw new IllegalArgumentException("Can't save a new resource set with an ID already set to it.");
 }
+ if (!checkScopeConsistency(rs)) {
+ throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
+ }
+
 ResourceSet saved = repository.save(rs);
 return saved;
@@ -68,6 +73,10 @@ public class DefaultResourceSetService implements ResourceSetService {
 throw new IllegalArgumentException("Resource set IDs mismatched");
 }
+
+ if (!checkScopeConsistency(newRs)) {
+ throw new IllegalArgumentException("Can't save a resource set with inconsistent claims.");
+ }
 newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
 newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates
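Review bot: The exception text added in the create path says "inconsistent claims", but the condition it guards is `checkScopeConsistency(rs)`, which compares policy scopes with the resource set's scopes; the update-path hunk at -68,6 repeats the same wording. Anyone triaging a rejected registration from this message would look at claims rather than scopes. I would reword both throws to name the real cause, e.g. `throw new IllegalArgumentException("Can't save a resource set whose policies use scopes outside the resource set's scopes.");`. The enclosing method starts and ends outside the hunk.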
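Review bot: In the update path the check runs on `newRs` only, so it validates whatever policies the incoming object carries and never looks at the policies already stored on `oldRs`. The hunk copies owner and client id from `oldRs` but does not show how policies are handled. If an update can arrive without policies while the stored ones are kept, a request that narrows the scope list would pass here and stored policies would still reference the removed scopes. Please confirm which policy set is persisted and check that one, and say so next to the call, e.g. (if that is the case) `// newRs carries the complete policy list that will be persisted`. The method body continues outside the hunk.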
@@ -93,6 +102,14 @@ public class DefaultResourceSetService implements ResourceSetService {
 return repository.getAllForOwnerAndClient(owner, clientId);
 }
-
+ private boolean checkScopeConsistency(ResourceSet rs) {
+ for (Policy policy : rs.getPolicies()) {
+ if (!rs.getScopes().containsAll(policy.getScopes())) {
+ return false;
+ }
+ }
+ // we've checked everything, we're good
+ return true;
+ }
 }
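Review bot: `checkScopeConsistency` dereferences `rs.getPolicies()`, `rs.getScopes()` and `policy.getScopes()` without a null check. The model classes are not visible here, but if any of these getters can return null for a resource set registered without policies or scopes, the validation will raise a NullPointerException instead of the IllegalArgumentException that the callers in the two earlier hunks use for rejected input. I would treat a missing policy list as nothing to check and a policy without scopes as consistent, as sketched below. The method also deserves a short Javadoc stating the rule it enforces: every scope named by a policy must be one of the resource set's own scopes.

```java
private boolean checkScopeConsistency(ResourceSet rs) {
	if (rs.getPolicies() == null) {
		// no policies attached, so nothing can fall outside the resource set's scopes
		return true;
	}
	for (Policy policy : rs.getPolicies()) {
		if (policy.getScopes() == null) {
			continue;
		}
		if (rs.getScopes() == null || !rs.getScopes().containsAll(policy.getScopes())) {
			return false;
		}
	}
	// … unchanged: final return true …
}
```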