fabaccess-bffh/src/db/user.rs

//! UserDB does two kinds of lookups:
//! 1. "I have this here username, what user is that"
//! 2. "I have this here user, what are their roles (and other associated data)"
use serde::{Serialize, Deserialize};
use std::fmt;
use std::fs;
use std::iter::FromIterator;
use std::path::Path;
use crate::db::access::RoleIdentifier;
use std::collections::HashMap;

use crate::error::Result;

mod internal;

#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
/// An user
pub struct User {
    /// The precise (and unique) identifier of this user
    pub id: UserId,
    /// Data BFFH stores on this user to base decisions on
    pub data: UserData,
}

impl User {
    pub fn new(id: UserId, data: UserData) -> Self {
        Self { id, data }
    }
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
/// Authorization Identity
///
/// This identity is internal to FabAccess and completely independent from the authentication
/// method or source
pub struct UserId {
    /// Main User ID. Generally an user name or similar. Locally unique
    uid: String,
    /// Sub user ID. 
    ///
    /// Can change scopes for permissions, e.g. having a +admin account with more permissions than
    /// the default account and +dashboard et.al. accounts that have restricted permissions for
    /// their applications
    subuid: Option<String>,
    /// Realm this account originates.
    ///
    /// The Realm is usually described by a domain name but local policy may dictate an unrelated
    /// mapping
    realm: Option<String>,
}

impl UserId {
    pub fn new(uid: String, subuid: Option<String>, realm: Option<String>) -> Self {
        Self { uid, subuid, realm }
    }
}

impl fmt::Display for UserId {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let r = write!(f, "{}", self.uid);
        if let Some(ref s) = self.subuid {
            write!(f, "+{}", s)?;
        }
        if let Some(ref l) = self.realm {
            write!(f, "@{}", l)?;
        }
        r
    }
}

#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]
/// Data on an user to base decisions on
///
/// This of course includes authorization data, i.e. that users set roles
pub struct UserData {
    /// A Person has N ≥ 0 roles.
    /// Persons are only ever given roles, not permissions directly
    pub roles: Vec<RoleIdentifier>,

    #[serde(skip_serializing_if = "is_zero")]
    #[serde(default = "default_priority")]
    /// A priority number, defaulting to 0.
    ///
    /// The higher, the higher the priority. Higher priority users overwrite lower priority ones.
    pub priority: u64,

    /// Additional data storage
    #[serde(flatten, skip_serializing_if = "HashMap::is_empty")]
    kv: HashMap<String, String>,
}

impl UserData {
    pub fn new(roles: Vec<RoleIdentifier>, priority: u64) -> Self {
        Self { 
            roles: roles,
            priority: priority,
            kv: HashMap::new(),
        }
    }
}

fn is_zero(i: &u64) -> bool {
    *i == 0
}
const fn default_priority() -> u64 {
    0
}

pub fn load_file<P: AsRef<Path>>(path: P) -> Result<HashMap<String, User>> {
    let f = fs::read(path)?;
    let mut map: HashMap<String, UserData> = toml::from_slice(&f)?;

    Ok(HashMap::from_iter(map.drain().map(|(uid, user_data)| 
        ( uid.clone()
        , User::new(UserId::new(uid, None, None), user_data)
        )
    )))
}

#[cfg(test_DISABLED)]
mod tests {
    use super::*;

    #[test]
    fn format_uid_test() {
        let uid = "testuser".to_string();
        let suid = "testsuid".to_string();
        let realm = "testloc".to_string();

        assert_eq!("testuser", 
            format!("{}", UserIdentifier::new(uid.clone(), None, None)));
        assert_eq!("testuser+testsuid", 
            format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));
        assert_eq!("testuser+testsuid", 
            format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));
        assert_eq!("testuser+testsuid@testloc", 
            format!("{}", UserIdentifier::new(uid, Some(suid), Some(realm))));
    }
}
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`//! UserDB does two kinds of lookups:`
			`//! 1. "I have this here username, what user is that"`
			`//! 2. "I have this here user, what are their roles (and other associated data)"`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`use serde::{Serialize, Deserialize};`
			`use std::fmt;`
Users loading, noot noot! 2020-12-16 13:30:04 +01:00			`use std::fs;`
			`use std::iter::FromIterator;`
			`use std::path::Path;`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`use crate::db::access::RoleIdentifier;`
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`use std::collections::HashMap;`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Users loading, noot noot! 2020-12-16 13:30:04 +01:00			`use crate::error::Result;`

Actually make compile for once. 2020-11-24 15:57:23 +01:00			`mod internal;`

			`#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]`
Password DB and other shenanigans 2020-11-30 07:23:47 +01:00			`/// An user`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`pub struct User {`
Password DB and other shenanigans 2020-11-30 07:23:47 +01:00			`/// The precise (and unique) identifier of this user`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`pub id: UserId,`
Password DB and other shenanigans 2020-11-30 07:23:47 +01:00			`/// Data BFFH stores on this user to base decisions on`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`pub data: UserData,`
			`}`

Initiators first concept 2020-12-02 16:20:50 +01:00			`impl User {`
			`pub fn new(id: UserId, data: UserData) -> Self {`
			`Self { id, data }`
			`}`
			`}`

Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]`
			`/// Authorization Identity`
			`///`
			`/// This identity is internal to FabAccess and completely independent from the authentication`
			`/// method or source`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`pub struct UserId {`
Password DB and other shenanigans 2020-11-30 07:23:47 +01:00			`/// Main User ID. Generally an user name or similar. Locally unique`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`uid: String,`
			`/// Sub user ID.`
			`///`
			`/// Can change scopes for permissions, e.g. having a +admin account with more permissions than`
			`/// the default account and +dashboard et.al. accounts that have restricted permissions for`
			`/// their applications`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`subuid: Option<String>,`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`/// Realm this account originates.`
			`///`
			`/// The Realm is usually described by a domain name but local policy may dictate an unrelated`
			`/// mapping`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`realm: Option<String>,`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`}`

Actually make compile for once. 2020-11-24 15:57:23 +01:00			`impl UserId {`
			`pub fn new(uid: String, subuid: Option<String>, realm: Option<String>) -> Self {`
			`Self { uid, subuid, realm }`
			`}`
			`}`

			`impl fmt::Display for UserId {`
			`fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {`
			`let r = write!(f, "{}", self.uid);`
			`if let Some(ref s) = self.subuid {`
			`write!(f, "+{}", s)?;`
			`}`
			`if let Some(ref l) = self.realm {`
			`write!(f, "@{}", l)?;`
			`}`
			`r`
			`}`
			`}`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`#[derive(PartialEq, Eq, Debug, Clone, Serialize, Deserialize)]`
Password DB and other shenanigans 2020-11-30 07:23:47 +01:00			`/// Data on an user to base decisions on`
			`///`
			`/// This of course includes authorization data, i.e. that users set roles`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`pub struct UserData {`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`/// A Person has N ≥ 0 roles.`
			`/// Persons are only ever given roles, not permissions directly`
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`pub roles: Vec<RoleIdentifier>,`

Refactor machines somewhat 2020-11-30 14:08:03 +01:00			`#[serde(skip_serializing_if = "is_zero")]`
			`#[serde(default = "default_priority")]`
			`/// A priority number, defaulting to 0.`
			`///`
			`/// The higher, the higher the priority. Higher priority users overwrite lower priority ones.`
			`pub priority: u64,`

Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`/// Additional data storage`
Users loading, noot noot! 2020-12-16 13:30:04 +01:00			`#[serde(flatten, skip_serializing_if = "HashMap::is_empty")]`
			`kv: HashMap<String, String>,`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`}`

Initiators first concept 2020-12-02 16:20:50 +01:00			`impl UserData {`
			`pub fn new(roles: Vec<RoleIdentifier>, priority: u64) -> Self {`
			`Self {`
			`roles: roles,`
			`priority: priority,`
			`kv: HashMap::new(),`
			`}`
			`}`
			`}`

Refactor machines somewhat 2020-11-30 14:08:03 +01:00			`fn is_zero(i: &u64) -> bool {`
			`*i == 0`
			`}`
			`const fn default_priority() -> u64 {`
			`0`
			`}`

Users loading, noot noot! 2020-12-16 13:30:04 +01:00			`pub fn load_file<P: AsRef<Path>>(path: P) -> Result<HashMap<String, User>> {`
			`let f = fs::read(path)?;`
			`let mut map: HashMap<String, UserData> = toml::from_slice(&f)?;`

			`Ok(HashMap::from_iter(map.drain().map(\|(uid, user_data)\|`
			`( uid.clone()`
			`, User::new(UserId::new(uid, None, None), user_data)`
			`)`
			`)))`
			`}`

Turns out none of that works. 2020-12-01 16:06:39 +01:00			`#[cfg(test_DISABLED)]`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`mod tests {`
			`use super::*;`

			`#[test]`
			`fn format_uid_test() {`
			`let uid = "testuser".to_string();`
			`let suid = "testsuid".to_string();`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`let realm = "testloc".to_string();`
Moves databases around a touch 2020-10-26 12:58:55 +01:00
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`assert_eq!("testuser",`
			`format!("{}", UserIdentifier::new(uid.clone(), None, None)));`
			`assert_eq!("testuser+testsuid",`
			`format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));`
			`assert_eq!("testuser+testsuid",`
			`format!("{}", UserIdentifier::new(uid.clone(), Some(suid.clone()), None)));`
			`assert_eq!("testuser+testsuid@testloc",`
Actually make compile for once. 2020-11-24 15:57:23 +01:00			`format!("{}", UserIdentifier::new(uid, Some(suid), Some(realm))));`
Make compile (well.. not really) 2020-11-24 14:41:19 +01:00			`}`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`}`