From bbf78138aab7ec3f74c1cc1804e72b844701aa87 Mon Sep 17 00:00:00 2001
From: B-Lorentz <44694582+B-Lorentz@users.noreply.github.com>
Date: Thu, 2 Jan 2025 19:48:56 +0100
Subject: [PATCH] Improve substitution (#1387)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lőrinc Bódy
---
 .gitignore | 4 ++++
 cedar-policy/CHANGELOG.md | 1 +
 cedar-policy/src/api.rs | 17 +++++++++++++++--
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index a7504906d..be975cd6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,10 @@
 # Don't check in the Emacs temp files
 *~

+# Don't check in common editors configs
+.vscode
+.zed
+
 # Don't check in test framework files
 .attach_pid*

diff --git a/cedar-policy/CHANGELOG.md b/cedar-policy/CHANGELOG.md
index e28401801..91ab8a837 100644
--- a/cedar-policy/CHANGELOG.md
+++ b/cedar-policy/CHANGELOG.md
@@ -22,6 +22,7 @@ Cedar Language Version: TBD
 - Added protobuf and JSON generation code to `cedar-policy-cli`.
 - Added a new get helper method to Context that allows easy extraction of generic values from the context by key. This method simplifies the common use case of retrieving values from Context objects.
 - Implemented [RFC 62 (extended `has` operator)](https://github.com/cedar-policy/rfcs/blob/main/text/0062-extended-has.md) (#1327, resolving #1329)
+- Added a helper method to `PartialResponse` to accept substitutions from an iterator.

 ### Changed

diff --git a/cedar-policy/src/api.rs b/cedar-policy/src/api.rs
index 0f75fd66a..8ef7bb8ba 100644
--- a/cedar-policy/src/api.rs
+++ b/cedar-policy/src/api.rs
@@ -1079,12 +1079,25 @@ impl PartialResponse {
 self.0.get(id.as_ref()).map(Policy::from_ast)
 }

- /// Attempt to re-authorize this response given a mapping from unknowns to values
+ /// Attempt to re-authorize this response given a mapping from unknowns to values.
+ #[allow(clippy::needless_pass_by_value)]
+ #[deprecated = "use reauthorize_with_bindings"]
 pub fn reauthorize(
 &self,
 mapping: HashMap,
 auth: &Authorizer,
 es: &Entities,
+ ) -> Result {
+ self.reauthorize_with_bindings(mapping.iter().map(|(k, v)| (k.as_str(), v)), auth, es)
+ }
+
+ /// Attempt to re-authorize this response given a mapping from unknowns to values, provided as an iterator.
+ /// Exhausts the iterator, returning any evaluation errors in the restricted expressions, regardless whether there is a matching unknown.
+ pub fn reauthorize_with_bindings<'m>(
+ &self,
+ mapping: impl IntoIterator,
+ auth: &Authorizer,
+ es: &Entities,
 ) -> Result {
 let exts = Extensions::all_available();
 let evaluator = RestrictedEvaluator::new(exts);
@@ -1093,7 +1106,7 @@ impl PartialResponse {
 .map(|(name, expr)| {
 evaluator
 .interpret(BorrowedRestrictedExpr::new_unchecked(expr.0.as_ref()))
- .map(|v| (name, v))
+ .map(|v| (name.into(), v))
 })
 .collect::, EvaluationError>>()?;
 let r = self.0.reauthorize(&mapping, &auth.0, &es.0)?;
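Review bot: The new doc comment on `reauthorize_with_bindings` says it exhausts the iterator, but the bindings are gathered with the `.collect::<…EvaluationError>>()?` visible in the next hunk, and collecting into a `Result` stops at the first `Err`, so pairs after a failing one are never pulled or evaluated. Callers should not rely on full consumption, and only the first evaluation error is reported. I would reword the second doc line to `/// Evaluates bindings in iteration order and returns the first evaluation error, even when the name matches no unknown; later bindings are not consumed.` The start of the iterator chain lies between the two hunks and is not shown, so this assumes nothing there buffers the input first.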
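Review bot: Repeated names are not addressed at the `.collect` that follows the changed `.map(|v| (name.into(), v))` line: the old `HashMap` parameter could not carry the same unknown twice, while an arbitrary iterator can. If the collection target is a map, as the later `reauthorize(&mapping, …)` call suggests (its type arguments are not legible on this page), a later pair silently replaces an earlier one. These bindings determine the final authorization result, so the behaviour should at least be documented, e.g. `/// If an unknown is bound more than once, the last binding wins.`, or duplicates should be rejected with an error. The enclosing function starts before this hunk and continues after it.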