fabaccess-bffh/bffhd/session/mod.rs

use crate::authorization::permissions::Permission;
use crate::authorization::roles::Roles;
use crate::resources::Resource;
use crate::users::{db, UserRef};
use crate::Users;

#[derive(Clone)]
pub struct SessionManager {
    users: Users,
    roles: Roles,
    // cache: SessionCache // todo
}
impl SessionManager {
    pub fn new(users: Users, roles: Roles) -> Self {
        Self { users, roles }
    }

    // TODO: make infallible
    pub fn open(&self, uid: impl AsRef<str>) -> Option<SessionHandle> {
        let uid = uid.as_ref();
        if let Some(user) = self.users.get_user(uid) {
            tracing::trace!(uid, ?user, "opening new session for user");
            Some(SessionHandle {
                users: self.users.clone(),
                roles: self.roles.clone(),
                user: UserRef::new(user.id),
            })
        } else {
            None
        }
    }
}

#[derive(Clone)]
pub struct SessionHandle {
    pub users: Users,
    pub roles: Roles,

    user: UserRef,
}

impl SessionHandle {
    pub fn get_user_ref(&self) -> UserRef {
        self.user.clone()
    }

    pub fn get_user(&self) -> db::User {
        self.users
            .get_user(self.user.get_username())
            .expect("Failed to get user self")
    }

    pub fn has_disclose(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().disclose)
        } else {
            false
        }
    }
    pub fn has_read(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().read)
        } else {
            false
        }
    }
    pub fn has_write(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().write)
        } else {
            false
        }
    }
    pub fn has_manage(&self, resource: &Resource) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles
                .is_permitted(&user.userdata, &resource.get_required_privs().manage)
        } else {
            false
        }
    }
    pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {
        if let Some(user) = self.users.get_user(self.user.get_username()) {
            self.roles.is_permitted(&user.userdata, perm)
        } else {
            false
        }
    }
}
Implement more API to make Borepin happier 2022-03-16 20:17:59 +01:00			`use crate::authorization::permissions::Permission;`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use crate::authorization::roles::Roles;`
Api framework impl 2022-03-13 17:29:21 +01:00			`use crate::resources::Resource;`
User admin methods 2022-03-21 00:01:50 +01:00			`use crate::users::{db, UserRef};`
Run rustfmt 2022-05-05 15:50:44 +02:00			`use crate::Users;`
Implement more API 2022-03-12 17:31:53 +01:00
			`#[derive(Clone)]`
			`pub struct SessionManager {`
Session initialization 2022-03-15 17:52:47 +01:00			`users: Users,`
Impl roles 2022-03-15 19:14:04 +01:00			`roles: Roles,`
			`// cache: SessionCache // todo`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`impl SessionManager {`
Impl roles 2022-03-15 19:14:04 +01:00			`pub fn new(users: Users, roles: Roles) -> Self {`
			`Self { users, roles }`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
Session initialization 2022-03-15 17:52:47 +01:00
			`// TODO: make infallible`
Implement more API 2022-03-12 17:31:53 +01:00			`pub fn open(&self, uid: impl AsRef<str>) -> Option<SessionHandle> {`
Session initialization 2022-03-15 17:52:47 +01:00			`let uid = uid.as_ref();`
			`if let Some(user) = self.users.get_user(uid) {`
Make capnp machines api work again 2022-03-16 19:01:09 +01:00			`tracing::trace!(uid, ?user, "opening new session for user");`
Impl roles 2022-03-15 19:14:04 +01:00			`Some(SessionHandle {`
			`users: self.users.clone(),`
			`roles: self.roles.clone(),`
			`user: UserRef::new(user.id),`
			`})`
Session initialization 2022-03-15 17:52:47 +01:00			`} else {`
			`None`
			`}`
Implement more API 2022-03-12 17:31:53 +01:00			`}`
			`}`

Impl roles 2022-03-15 19:14:04 +01:00			`#[derive(Clone)]`
Implement more API 2022-03-12 17:31:53 +01:00			`pub struct SessionHandle {`
User admin methods 2022-03-21 00:01:50 +01:00			`pub users: Users,`
			`pub roles: Roles,`
Impl roles 2022-03-15 19:14:04 +01:00
Session initialization 2022-03-15 17:52:47 +01:00			`user: UserRef,`
Implement more API 2022-03-12 17:31:53 +01:00			`}`

			`impl SessionHandle {`
User admin methods 2022-03-21 00:01:50 +01:00			`pub fn get_user_ref(&self) -> UserRef {`
Impl roles 2022-03-15 19:14:04 +01:00			`self.user.clone()`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`

User admin methods 2022-03-21 00:01:50 +01:00			`pub fn get_user(&self) -> db::User {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.users`
			`.get_user(self.user.get_username())`
			`.expect("Failed to get user self")`
User admin methods 2022-03-21 00:01:50 +01:00			`}`

Api framework impl 2022-03-13 17:29:21 +01:00			`pub fn has_disclose(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().disclose)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_read(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().read)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_write(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().write)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
			`pub fn has_manage(&self, resource: &Resource) -> bool {`
Impl roles 2022-03-15 19:14:04 +01:00			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
Run rustfmt 2022-05-05 15:50:44 +02:00			`self.roles`
			`.is_permitted(&user.userdata, &resource.get_required_privs().manage)`
Impl roles 2022-03-15 19:14:04 +01:00			`} else {`
			`false`
			`}`
Api framework impl 2022-03-13 17:29:21 +01:00			`}`
Implement more API to make Borepin happier 2022-03-16 20:17:59 +01:00			`pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {`
			`if let Some(user) = self.users.get_user(self.user.get_username()) {`
			`self.roles.is_permitted(&user.userdata, perm)`
			`} else {`
			`false`
			`}`
			`}`
Run rustfmt 2022-05-05 15:50:44 +02:00			`}`