use serde::{Serialize, Deserialize};
use std::fmt;
use crate::db::access::RoleIdentifier;
use std::collections::HashMap;
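/// Authorization Identity
///
/// This identity is internal to FabAccess and completely independent from the authentication
/// method or source.
///
/// The type is `pub` because `AuthzContext` exposes it through its public `id` field; a private
/// type in a public field is rejected by the compiler (E0446).
///
/// Equality and the derived `Ord` cover all three components in declaration order (`uid`,
/// `subuid`, `realm`): the same user name in two different realms is two distinct identities,
/// so comparisons never collapse identities across realms.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
pub struct AuthZId {
    /// Main User ID. Generally an user name or similar
    uid: String,

    /// Sub user ID.
    ///
    /// Can change scopes for permissions, e.g. having a +admin account with more permissions than
    /// the default account and +dashboard et.al. accounts that have restricted permissions for
    /// their applications
    subuid: String,

    /// Realm this account originates.
    ///
    /// The Realm is usually described by a domain name but local policy may dictate an unrelated
    /// mapping
    realm: String,
}

impl AuthZId {
    /// Builds an identity from its three components.
    ///
    /// No validation is performed: the strings are stored as given. Callers that derive them from
    /// external input should normalise them (e.g. realm casing) before constructing the identity,
    /// since equality is a plain byte comparison of all three fields.
    pub fn new(uid: impl Into<String>, subuid: impl Into<String>, realm: impl Into<String>) -> Self {
        Self {
            uid: uid.into(),
            subuid: subuid.into(),
            realm: realm.into(),
        }
    }

    /// Main user ID.
    pub fn uid(&self) -> &str {
        &self.uid
    }

    /// Sub user ID.
    pub fn subuid(&self) -> &str {
        &self.subuid
    }

    /// Realm this account originates from.
    pub fn realm(&self) -> &str {
        &self.realm
    }
}

/// Human-readable rendering as `uid+subuid@realm`.
///
/// Intended for logs and messages only: the components are not escaped, so a `uid` containing
/// `+` or `@` makes the rendered form ambiguous. Do not parse it back into an identity.
impl fmt::Display for AuthZId {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}+{}@{}", self.uid, self.subuid, self.realm)
    }
}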
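/// A Person, from the Authorization perspective
///
/// Authorization decisions are made from the `roles` held here; the context carries no
/// permissions of its own. `kv` is private, so code outside this module builds a context with
/// [`AuthzContext::new`].
#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]
pub struct AuthzContext {
    /// The identification of this user.
    pub id: AuthZId,

    /// A Person has N ≥ 0 roles.
    /// Persons are only ever given roles, not permissions directly
    pub roles: Vec<RoleIdentifier>,

    /// Additional data storage
    ///
    /// NOTE(review): `#[serde(flatten)]` merges the map's entries into the surrounding object, so
    /// every key must be usable as a field name. `Box<[u8]>` keys serialize as byte sequences,
    /// which string-keyed formats (JSON and similar) cannot use as object keys — confirm that the
    /// storage format in use round-trips this field before relying on it.
    #[serde(flatten)]
    kv: HashMap<Box<[u8]>, Box<[u8]>>,
}

impl AuthzContext {
    /// Creates a context for `id` holding `roles`, with no additional data.
    ///
    /// `roles` is taken as given; an empty vector is a valid person with no roles and therefore
    /// no permissions.
    pub fn new(id: AuthZId, roles: Vec<RoleIdentifier>) -> Self {
        Self {
            id,
            roles,
            kv: HashMap::new(),
        }
    }

    /// Read-only view of the additional key/value storage.
    pub fn kv(&self) -> &HashMap<Box<[u8]>, Box<[u8]>> {
        &self.kv
    }

    /// Whether this person has been given `role`.
    ///
    /// Linear scan; role lists are expected to be short. Relies on `RoleIdentifier: PartialEq`,
    /// which the derived `PartialEq` on this struct already requires.
    pub fn has_role(&self, role: &RoleIdentifier) -> bool {
        self.roles.contains(role)
    }
}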
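#[cfg(test)]
mod tests {
    // The previous tests in this module exercised `UserIdentifier::new` and its `Display`
    // output, neither of which is defined or imported here, so the test build failed to compile.
    // They are replaced by tests of the identity type this module actually declares. The
    // struct-literal construction below is only possible because this module is a child of the
    // one declaring `AuthZId` and can therefore see its private fields.
    use super::*;

    /// Builds an `AuthZId` without going through any constructor.
    fn id(uid: &str, subuid: &str, realm: &str) -> AuthZId {
        AuthZId {
            uid: uid.to_string(),
            subuid: subuid.to_string(),
            realm: realm.to_string(),
        }
    }

    /// Identities are equal only when all three components match. The realm is part of the
    /// identity: the same user name in two realms is two distinct persons.
    #[test]
    fn authz_id_equality_includes_every_component() {
        assert_eq!(id("testuser", "testsuid", "testloc"), id("testuser", "testsuid", "testloc"));
        assert_ne!(id("testuser", "testsuid", "testloc"), id("testuser", "testsuid", "other"));
        assert_ne!(id("testuser", "testsuid", "testloc"), id("testuser", "other", "testloc"));
        assert_ne!(id("testuser", "testsuid", "testloc"), id("other", "testsuid", "testloc"));
    }

    /// The derived `Ord` compares fields in declaration order: uid, then subuid, then realm.
    #[test]
    fn authz_id_ordering_follows_field_order() {
        assert!(id("a", "z", "z") < id("b", "a", "a"));
        assert!(id("a", "a", "z") < id("a", "b", "a"));
        assert!(id("a", "a", "a") < id("a", "a", "b"));
    }

    /// Cloning yields an equal identity (the derived `Clone` copies all fields).
    #[test]
    fn authz_id_clone_is_equal() {
        let original = id("testuser", "testsuid", "testloc");
        assert_eq!(original.clone(), original);
    }
}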