fabaccess-bffh/bffhd/session/mod.rs

use crate::authorization::permissions::Permission;
use crate::authorization::roles::Roles;
use crate::resources::Resource;
use crate::users::{db, UserRef};
use crate::Users;
use tracing::Span;
use crate::users::db::User;

#[derive(Clone)]
pub struct SessionManager {
    users: Users,
    roles: Roles,
    // cache: SessionCache // todo
}
impl SessionManager {
    pub fn new(users: Users, roles: Roles) -> Self {
        Self { users, roles }
    }

    pub fn try_open(&self, parent: &Span, uid: impl AsRef<str>) -> Option<SessionHandle> {
        self.users.get_user(uid.as_ref()).map(|user| self.open(parent, user))
    }

    // TODO: make infallible
    pub fn open(&self, parent: &Span, user: User) -> SessionHandle {
        let uid = user.id.as_str();
        let span = tracing::info_span!(
            target: "bffh::api",
            parent: parent,
            "session",
            uid,
        );
        tracing::trace!(parent: &span, uid, ?user, "opening session");
        SessionHandle {
            span,
            users: self.users.clone(),
            roles: self.roles.clone(),
            user: UserRef::new(user.id),
        }
    }
}

#[derive(Clone)]
pub struct SessionHandle {
    pub span: Span,

    pub users: Users,
    pub roles: Roles,

    user: UserRef,
}

impl SessionHandle {
    pub fn get_user_ref(&self) -> UserRef {
        self.user.clone()
    }

    pub fn get_user(&self) -> db::User {
        self.users
            .get_user(self.user.get_username())
            .expect("Failed to get user self")
    }

    pub fn has_disclose(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().disclose)
        } else {
            false
        }
    }
    pub fn has_read(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().read)
        } else {
            false
        }
    }
    pub fn has_write(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().write)
        } else {
            false
        }
    }
    pub fn has_manage(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().manage)
        } else {
            false
        }
    }
    pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, perm)
        } else {
            false
        }
    }
}
Implement more API to make Borepin happier 2022-03-16 20:17:59 +01:00			`use crate::authorization::permissions::Permission;`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use crate::authorization::roles::Roles;`
Api framework impl 2022-03-13 17:29:21 +01:00			`use crate::resources::Resource;`
User admin methods 2022-03-21 00:01:50 +01:00			`use crate::users::{db, UserRef};`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use crate::Users;`
log all api calls with `TRACE` level 2022-06-24 13:57:47 +02:00			`use tracing::Span;`
Update to latest rsasl 2022-11-01 10:47:51 +01:00			`use crate::users::db::User;`
Implement more API 2022-03-12 17:31:53 +01:00
			`#[derive(Clone)]`
			`pub struct SessionManager {`
Session initialization 2022-03-15 17:52:47 +01:00			`users: Users,`
Impl roles 2022-03-15 19:14:04 +01:00			`roles: Roles,`
			`// cache: SessionCache // todo`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`impl SessionManager {`
Impl roles 2022-03-15 19:14:04 +01:00			`pub fn new(users: Users, roles: Roles) -> Self {`
			`Self { users, roles }`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
Session initialization 2022-03-15 17:52:47 +01:00
Update to latest rsasl 2022-11-01 10:47:51 +01:00			`pub fn try_open(&self, parent: &Span, uid: impl AsRef<str>) -> Option<SessionHandle> {`
			`self.users.get_user(uid.as_ref()).map(\|user\| self.open(parent, user))`
			`}`

Session initialization 2022-03-15 17:52:47 +01:00			`// TODO: make infallible`
Update to latest rsasl 2022-11-01 10:47:51 +01:00			`pub fn open(&self, parent: &Span, user: User) -> SessionHandle {`
			`let uid = user.id.as_str();`
			`let span = tracing::info_span!(`
			`target: "bffh::api",`
			`parent: parent,`
			`"session",`
			`uid,`
			`);`
			`tracing::trace!(parent: &span, uid, ?user, "opening session");`
			`SessionHandle {`
			`span,`
			`users: self.users.clone(),`
			`roles: self.roles.clone(),`
			`user: UserRef::new(user.id),`
Session initialization 2022-03-15 17:52:47 +01:00			`}`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`}`

Impl roles 2022-03-15 19:14:04 +01:00			`#[derive(Clone)]`
Implement more API 2022-03-12 17:31:53 +01:00			`pub struct SessionHandle {`
log all api calls with `TRACE` level 2022-06-24 13:57:47 +02:00			`pub span: Span,`

User admin methods 2022-03-21 00:01:50 +01:00			`pub users: Users,`
			`pub roles: Roles,`
Impl roles 2022-03-15 19:14:04 +01:00
Session initialization 2022-03-15 17:52:47 +01:00			`user: UserRef,`
Implement more API 2022-03-12 17:31:53 +01:00			`}`

			`impl SessionHandle {`
User admin methods 2022-03-21 00:01:50 +01:00			`pub fn get_user_ref(&self) -> UserRef {`
Impl roles 2022-03-15 19:14:04 +01:00			`self.user.clone()`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`

User admin methods 2022-03-21 00:01:50 +01:00			`pub fn get_user(&self) -> db::User {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.users`
			`.get_user(self.user.get_username())`
			`.expect("Failed to get user self")`
User admin methods 2022-03-21 00:01:50 +01:00			`}`

Api framework impl 2022-03-13 17:29:21 +01:00			`pub fn has_disclose(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().disclose)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_read(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().read)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_write(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().write)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_manage(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().manage)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
Implement more API to make Borepin happier 2022-03-16 20:17:59 +01:00			`pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {`
			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, perm)`
			`} else {`
			`false`
			`}`
			`}`
Run rustfmt 2022-05-05 15:50:44 +02:00			`}`