fabaccess-bffh/bffhd/session/mod.rs



use once_cell::sync::OnceCell;
use crate::authorization::roles::{Roles};
use crate::resources::Resource;
use crate::Users;
use crate::users::UserRef;


#[derive(Clone)]
pub struct SessionManager {
    users: Users,
    roles: Roles,

    // cache: SessionCache // todo
}
impl SessionManager {
    pub fn new(users: Users, roles: Roles) -> Self {
        Self { users, roles }
    }

    // TODO: make infallible
    pub fn open(&self, uid: impl AsRef<str>) -> Option<SessionHandle> {
        let uid = uid.as_ref();
        if let Some(user) = self.users.get_user(uid) {
            tracing::trace!(uid, "opening new session for user");
            Some(SessionHandle {
                users: self.users.clone(),
                roles: self.roles.clone(),
                user: UserRef::new(user.id),
            })
        } else {
            None
        }
    }
}

#[derive(Clone)]
pub struct SessionHandle {
    users: Users,
    roles: Roles,

    user: UserRef,
}

impl SessionHandle {
    pub fn get_user(&self) -> UserRef {
        self.user.clone()
    }

    pub fn has_disclose(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, &resource.get_required_privs().disclose)
        } else {
            false
        }
    }
    pub fn has_read(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, &resource.get_required_privs().read)
        } else {
            false
        }
    }
    pub fn has_write(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, &resource.get_required_privs().write)
        } else {
            false
        }
    }
    pub fn has_manage(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, &resource.get_required_privs().manage)
        } else {
            false
        }
    }
}
Cargo fix 2022-03-15 20:00:43 +01:00



Session initialization 2022-03-15 17:52:47 +01:00			`use once_cell::sync::OnceCell;`
Cargo fix 2022-03-15 20:00:43 +01:00			`use crate::authorization::roles::{Roles};`
Api framework impl 2022-03-13 17:29:21 +01:00			`use crate::resources::Resource;`
Session initialization 2022-03-15 17:52:47 +01:00			`use crate::Users;`
			`use crate::users::UserRef;`
Implement more API 2022-03-12 17:31:53 +01:00

			`#[derive(Clone)]`
			`pub struct SessionManager {`
Session initialization 2022-03-15 17:52:47 +01:00			`users: Users,`
Impl roles 2022-03-15 19:14:04 +01:00			`roles: Roles,`

			`// cache: SessionCache // todo`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`impl SessionManager {`
Impl roles 2022-03-15 19:14:04 +01:00			`pub fn new(users: Users, roles: Roles) -> Self {`
			`Self { users, roles }`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
Session initialization 2022-03-15 17:52:47 +01:00
			`// TODO: make infallible`
Implement more API 2022-03-12 17:31:53 +01:00			`pub fn open(&self, uid: impl AsRef<str>) -> Option<SessionHandle> {`
Session initialization 2022-03-15 17:52:47 +01:00			`let uid = uid.as_ref();`
			`if let Some(user) = self.users.get_user(uid) {`
			`tracing::trace!(uid, "opening new session for user");`
Impl roles 2022-03-15 19:14:04 +01:00			`Some(SessionHandle {`
			`users: self.users.clone(),`
			`roles: self.roles.clone(),`
			`user: UserRef::new(user.id),`
			`})`
Session initialization 2022-03-15 17:52:47 +01:00			`} else {`
			`None`
			`}`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`}`

Impl roles 2022-03-15 19:14:04 +01:00			`#[derive(Clone)]`
Implement more API 2022-03-12 17:31:53 +01:00			`pub struct SessionHandle {`
Impl roles 2022-03-15 19:14:04 +01:00			`users: Users,`
			`roles: Roles,`

Session initialization 2022-03-15 17:52:47 +01:00			`user: UserRef,`
Implement more API 2022-03-12 17:31:53 +01:00			`}`

			`impl SessionHandle {`
Session initialization 2022-03-15 17:52:47 +01:00			`pub fn get_user(&self) -> UserRef {`
Impl roles 2022-03-15 19:14:04 +01:00			`self.user.clone()`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`

			`pub fn has_disclose(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, &resource.get_required_privs().disclose)`
			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_read(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, &resource.get_required_privs().read)`
			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_write(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, &resource.get_required_privs().write)`
			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_manage(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, &resource.get_required_privs().manage)`
			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
Implement more API 2022-03-12 17:31:53 +01:00			`}`