fabaccess-bffh/bffhd/session/mod.rs


use crate::authorization::permissions::Permission;
use crate::authorization::roles::Roles;
use crate::resources::Resource;
use crate::users::{db, UserRef};
use crate::Users;
/// Creates [`SessionHandle`]s for users that exist in the user store.
///
/// Holds a clone of the shared user store and of the role table; every
/// handle it opens receives its own clone of both.
#[derive(Clone)]
pub struct SessionManager {
    // User store consulted when a session is opened.
    users: Users,
    // Role table handed to every opened session for permission checks.
    roles: Roles,
    // cache: SessionCache // todo
}
impl SessionManager {
    /// Builds a manager over the given user store and role table.
    pub fn new(users: Users, roles: Roles) -> Self {
        Self { users, roles }
    }

    // TODO: make infallible
    /// Opens a session for the user identified by `uid`.
    ///
    /// Returns `None` when the store has no user with that id. The returned
    /// handle carries clones of the store and the role table plus a
    /// [`UserRef`] built from the user's id; the user record itself is not
    /// retained and is looked up again on every permission check.
    pub fn open(&self, uid: impl AsRef<str>) -> Option<SessionHandle> {
        let uid = uid.as_ref();
        let user = self.users.get_user(uid)?;
        // The whole user record is Debug-formatted into the trace log.
        // NOTE(review): confirm `db::User`'s Debug output carries no
        // credential material before enabling trace-level logging.
        tracing::trace!(uid, ?user, "opening new session for user");
        let handle = SessionHandle {
            users: self.users.clone(),
            roles: self.roles.clone(),
            user: UserRef::new(user.id),
        };
        Some(handle)
    }
}
/// An open session for one user.
///
/// Cloning a handle clones the store and role-table handles it carries, so
/// all clones answer permission checks from the same backing data.
#[derive(Clone)]
pub struct SessionHandle {
    // User store the session user is re-read from on each check.
    pub users: Users,
    // Role table used to evaluate permissions.
    pub roles: Roles,

    // Identity of the session user; only the reference is kept, not the record.
    user: UserRef,
}
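impl SessionHandle {
    /// Returns a clone of the reference to the user this session belongs to.
    pub fn get_user_ref(&self) -> UserRef {
        self.user.clone()
    }

    /// Loads the session user's current record from the user store.
    ///
    /// # Panics
    ///
    /// Panics when the user can no longer be found in the store (for example
    /// because it was deleted after the session was opened). Callers that
    /// must not panic on a vanished user should use the `has_*` checks,
    /// which answer `false` in that case.
    pub fn get_user(&self) -> db::User {
        self.users
            .get_user(self.user.get_username())
            .expect("Failed to get user self")
    }

    /// Whether the session user holds `resource`'s `disclose` privilege.
    pub fn has_disclose(&self, resource: &Resource) -> bool {
        self.has_perm(&resource.get_required_privs().disclose)
    }

    /// Whether the session user holds `resource`'s `read` privilege.
    pub fn has_read(&self, resource: &Resource) -> bool {
        self.has_perm(&resource.get_required_privs().read)
    }

    /// Whether the session user holds `resource`'s `write` privilege.
    pub fn has_write(&self, resource: &Resource) -> bool {
        self.has_perm(&resource.get_required_privs().write)
    }

    /// Whether the session user holds `resource`'s `manage` privilege.
    pub fn has_manage(&self, resource: &Resource) -> bool {
        self.has_perm(&resource.get_required_privs().manage)
    }

    /// Whether the session user currently holds `perm`.
    ///
    /// This is the single permission path behind all `has_*` checks. The user
    /// record is re-read from the store on every call and the decision is made
    /// from the `userdata` in that fresh record, so a user that has been
    /// removed (the lookup yields `None`) is denied rather than answered from
    /// state captured when the session was opened.
    pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {
        match self.users.get_user(self.user.get_username()) {
            Some(user) => self.roles.is_permitted(&user.userdata, perm),
            // Fail closed: no record, no permission.
            None => false,
        }
    }
}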