fabaccess-bffh/src/db/user.rs

use serde::{Serialize, Deserialize};
use std::fmt;
use crate::db::access::RoleIdentifier;
use std::collections::HashMap;

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
/// Authorization Identity
///
/// This identity is internal to FabAccess and completely independent from the authentication
/// method or source
struct AuthZId {
    /// Main User ID. Generally an user name or similar
    uid: String,
    /// Sub user ID. 
    ///
    /// Can change scopes for permissions, e.g. having a +admin account with more permissions than
    /// the default account and +dashboard et.al. accounts that have restricted permissions for
    /// their applications
    subuid: String,
    /// Realm this account originates.
    ///
    /// The Realm is usually described by a domain name but local policy may dictate an unrelated
    /// mapping
    realm: String,
}

/// A Person, from the Authorization perspective
#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]
pub struct AuthzContext {
    /// The identification of this user.
    pub id: AuthZId,

    /// A Person has N ≥ 0 roles.
    /// Persons are only ever given roles, not permissions directly
    pub roles: Vec<RoleIdentifier>,

    /// Additional data storage
    #[serde(flatten)]
    kv: HashMap<Box<[u8]>, Box<[u8]>>,
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn format_uid_test() {
        let uid = "testuser".to_string();
        let suid = "testsuid".to_string();
        let location = "testloc".to_string();

        assert_eq!("testuser", 
            format!("{}", UserIdentifier::new(uid.clone(), None, None)));
        assert_eq!("testuser+testsuid", 
            format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));
        assert_eq!("testuser+testsuid", 
            format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));
        assert_eq!("testuser+testsuid@testloc", 
            format!("{}", UserIdentifier::new(uid, Some(suid), Some(location))));
    }
}
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`use serde::{Serialize, Deserialize};`
			`use std::fmt;`
			`use crate::db::access::RoleIdentifier;`
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`use std::collections::HashMap;`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]`
			`/// Authorization Identity`
			`///`
			`/// This identity is internal to FabAccess and completely independent from the authentication`
			`/// method or source`
			`struct AuthZId {`
			`/// Main User ID. Generally an user name or similar`
			`uid: String,`
			`/// Sub user ID.`
			`///`
			`/// Can change scopes for permissions, e.g. having a +admin account with more permissions than`
			`/// the default account and +dashboard et.al. accounts that have restricted permissions for`
			`/// their applications`
			`subuid: String,`
			`/// Realm this account originates.`
			`///`
			`/// The Realm is usually described by a domain name but local policy may dictate an unrelated`
			`/// mapping`
			`realm: String,`
			`}`

Moves databases around a touch 2020-10-26 12:58:55 +01:00			`/// A Person, from the Authorization perspective`
Slowly getting there 2020-11-10 14:56:28 +01:00			`#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]`
Status commit 2020-11-24 14:16:22 +01:00			`pub struct AuthzContext {`
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`/// The identification of this user.`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`pub id: AuthZId,`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
			`/// A Person has N ≥ 0 roles.`
			`/// Persons are only ever given roles, not permissions directly`
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`pub roles: Vec<RoleIdentifier>,`

			`/// Additional data storage`
			`#[serde(flatten)]`
			`kv: HashMap<Box<[u8]>, Box<[u8]>>,`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`}`

Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`#[cfg(test)]`
			`mod tests {`
			`use super::*;`

			`#[test]`
			`fn format_uid_test() {`
			`let uid = "testuser".to_string();`
			`let suid = "testsuid".to_string();`
			`let location = "testloc".to_string();`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`assert_eq!("testuser",`
			`format!("{}", UserIdentifier::new(uid.clone(), None, None)));`
			`assert_eq!("testuser+testsuid",`
			`format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));`
			`assert_eq!("testuser+testsuid",`
			`format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));`
			`assert_eq!("testuser+testsuid@testloc",`
			`format!("{}", UserIdentifier::new(uid, Some(suid), Some(location))));`
			`}`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`}`