From 150d5dbac328eec7035175514f737c500fa97abb Mon Sep 17 00:00:00 2001
From: Geoffroy Couprie <contact@geoffroycouprie.com>
Date: Sat, 8 Jun 2024 18:49:16 +0200
Subject: [PATCH] add an example of nested maps and arrays

---
 biscuit-auth/examples/testcases.rs        |   2 ++
 biscuit-auth/samples/README.md            |   6 ++++--
 biscuit-auth/samples/samples.json         |   9 ++++++---
 biscuit-auth/samples/test033_array_map.bc | Bin 1523 -> 1623 bytes
 4 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/biscuit-auth/examples/testcases.rs b/biscuit-auth/examples/testcases.rs
index af4d1537..aec0992a 100644
--- a/biscuit-auth/examples/testcases.rs
+++ b/biscuit-auth/examples/testcases.rs
@@ -2163,6 +2163,8 @@ fn array_map(target: &str, root: &KeyPair, test: bool) -> TestResult {
         check if { "a": 1 , "b": 2, 1: "A" }.get(2) == null;
         check if { "a": 1 , "b": 2 }.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3 );
         check if { "a": 1 , "b": 2, 1: "A" }.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A" );
+        // nesting
+        check if { "user": { "id": 1, "roles": ["admin"] } }.get("user").get("roles").contains("admin");
     "#
     )
     .build_with_rng(&root, SymbolTable::default(), &mut rng)
diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md
index ce77ddfa..27a8027d 100644
--- a/biscuit-auth/samples/README.md
+++ b/biscuit-auth/samples/README.md
@@ -2873,7 +2873,7 @@ result: `Err(Execution(ShadowedVariable))`
 ### token
 
 authority:
-symbols: ["a", "b", "c", "p", "d", "A", "kv"]
+symbols: ["a", "b", "c", "p", "d", "A", "kv", "id", "roles"]
 
 public keys: []
 
@@ -2898,6 +2898,7 @@ check if {1: "A", "a": 1, "b": 2}.get("c") == null;
 check if {1: "A", "a": 1, "b": 2}.get(2) == null;
 check if {"a": 1, "b": 2}.all($kv -> $kv.get(0) != "c" && $kv.get(1) < 3);
 check if {1: "A", "a": 1, "b": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == "A");
+check if {"user": {"id": 1, "roles": ["admin"]}}.get("user").get("roles").contains("admin");
 ```
 
 ### validation
@@ -2908,7 +2909,7 @@ allow if true;
 ```
 
 revocation ids:
-- `724dd2068fa72d515cbc29894b81e8e64878b45f35755a52fd77bbf0bd2df3bc14b88033ee6b8255e3e79dc253947a6621d3ca7e6427e3f8f29888588b0a6907`
+- `7096e2ad9ad5dcae778cea1cee800ffc38017196e56aed693810d0933bcecc804a723768c3b494fa23d99be59ca3588bfa806e3fe2dac29d0ca9e452b69ead09`
 
 authorizer world:
 ```
@@ -2934,6 +2935,7 @@ World {
             "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\")",
             "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4",
             "check if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3)",
+            "check if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\")",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\")",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1",
             "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null",
diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json
index 344650c4..3fb9fa30 100644
--- a/biscuit-auth/samples/samples.json
+++ b/biscuit-auth/samples/samples.json
@@ -2702,11 +2702,13 @@
             "p",
             "d",
             "A",
-            "kv"
+            "kv",
+            "id",
+            "roles"
           ],
           "public_keys": [],
           "external_key": null,
-          "code": "check if [1, 2, 1].length() == 3;\ncheck if [\"a\", \"b\"] != [1, 2, 3];\ncheck if [\"a\", \"b\"] == [\"a\", \"b\"];\ncheck if [\"a\", \"b\", \"c\"].contains(\"c\");\ncheck if [1, 2, 3].starts_with([1, 2]);\ncheck if [4, 5, 6].ends_with([6]);\ncheck if [1, 2, \"a\"].get(2) == \"a\";\ncheck if [1, 2].get(3) == null;\ncheck if [1, 2, 3].all($p -> $p > 0);\ncheck if [1, 2, 3].any($p -> $p > 2);\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4;\ncheck if {1: \"a\", 2: \"b\"} != {\"a\": 1, \"b\": 2};\ncheck if {1: \"a\", 2: \"b\"} == {1: \"a\", 2: \"b\"};\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\");\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(1) == \"A\";\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(2) == null;\ncheck if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3);\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\");\n"
+          "code": "check if [1, 2, 1].length() == 3;\ncheck if [\"a\", \"b\"] != [1, 2, 3];\ncheck if [\"a\", \"b\"] == [\"a\", \"b\"];\ncheck if [\"a\", \"b\", \"c\"].contains(\"c\");\ncheck if [1, 2, 3].starts_with([1, 2]);\ncheck if [4, 5, 6].ends_with([6]);\ncheck if [1, 2, \"a\"].get(2) == \"a\";\ncheck if [1, 2].get(3) == null;\ncheck if [1, 2, 3].all($p -> $p > 0);\ncheck if [1, 2, 3].any($p -> $p > 2);\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4;\ncheck if {1: \"a\", 2: \"b\"} != {\"a\": 1, \"b\": 2};\ncheck if {1: \"a\", 2: \"b\"} == {1: \"a\", 2: \"b\"};\ncheck if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\");\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(1) == \"A\";\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null;\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.get(2) == null;\ncheck if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3);\ncheck if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\");\ncheck if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\");\n"
         }
       ],
       "validations": {
@@ -2731,6 +2733,7 @@
                   "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.contains(\"d\")",
                   "check if {\"a\": 1, \"b\": 2, \"c\": 3, \"d\": 4}.length() == 4",
                   "check if {\"a\": 1, \"b\": 2}.all($kv -> $kv.get(0) != \"c\" && $kv.get(1) < 3)",
+                  "check if {\"user\": {\"id\": 1, \"roles\": [\"admin\"]}}.get(\"user\").get(\"roles\").contains(\"admin\")",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.any($kv -> $kv.get(0) == 1 && $kv.get(1) == \"A\")",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"a\") == 1",
                   "check if {1: \"A\", \"a\": 1, \"b\": 2}.get(\"c\") == null",
@@ -2750,7 +2753,7 @@
           },
           "authorizer_code": "allow if true;\n",
           "revocation_ids": [
-            "724dd2068fa72d515cbc29894b81e8e64878b45f35755a52fd77bbf0bd2df3bc14b88033ee6b8255e3e79dc253947a6621d3ca7e6427e3f8f29888588b0a6907"
+            "7096e2ad9ad5dcae778cea1cee800ffc38017196e56aed693810d0933bcecc804a723768c3b494fa23d99be59ca3588bfa806e3fe2dac29d0ca9e452b69ead09"
           ]
         }
       }
diff --git a/biscuit-auth/samples/test033_array_map.bc b/biscuit-auth/samples/test033_array_map.bc
index 06138f38914ec90dd6c6b23266bdd583e9c1d99c..b4cd49836b5d0260780b7ec7db8dc62dff6b80dd 100644
GIT binary patch
delta 211
zcmey&eVs>LXaf(|QEo2AL@vf8F2-ao#sV(J6fQ<bE~e}<E~d;BF4m&_oYdltGTy9_
zM&VqcTudC&QvO^TTxvloTuNL_0$f5eK~h|tT+9OP970S2j9k1xW(S85n->cglLRjp
zh~(m8kpk-DV&!6%=-_~Ipwd7I*2(Ft8V&{19<7~q_0GETo>wyO8u<TMFcwaGn)No*
zLg2z=>vLxsyo$^-4sV(AOZn#Pr*jrZbpL9|vww8!&|IFCPlC41Tgy55JgW)-)TcU4

delta 110
zcmV-!0FnRK4D$;d63hz<;R*@?VG03a3ISsZ0dNWdWC{U63Ic0(u_sFflgkAtKyppe
z29KvLQCz$!iA#a#=16$7Uo~}FQvG+k@VzbbycD>AGwy4GRpaNK!c&xbW+Btceq<-(
Q`0|*DSc?j22a_`fBuKI>X#fBK