fabaccess-bffh/src/access.rs

//! Access control logic
//!
use slog::Logger;
use casbin::prelude::*;
use super::config::Config;
use futures_signals::signal::Mutable;
use crate::api::api;
use crate::auth::Authentication;
use crate::error::Result;
/// Permission checker: ties the policy engine to the current authentication
/// state so callers can ask whether the acting user may perform an action on
/// an object.
///
/// Clones share the same `Mutable<Enforcer>` handle, so a policy swapped in
/// through one clone is the policy every clone enforces.
#[derive(Clone)]
pub struct Permissions {
    /// Logger for permission decisions: every check is traced, every denial
    /// (including anonymous attempts) is logged at info.
    log: Logger,
    /// Policy database: the casbin enforcer evaluating (subject, object, action).
    pdb: Mutable<Enforcer>,
    /// Source of the acting subject; its authzid is used as the casbin subject.
    auth: Authentication,
}
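impl Permissions {
    /// Bundles the logger, the shared casbin [`Enforcer`] and the
    /// authentication state used to resolve the acting subject.
    pub fn new(log: Logger, pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
        Self { log, pdb, auth }
    }

    /// Returns `true` only if the currently authenticated subject is allowed
    /// to perform `action` on `object`.
    ///
    /// The decision is fail-closed: a caller without an authzid is denied,
    /// and an error from the policy engine is logged and treated as a denial
    /// instead of panicking the process (the previous `unwrap()` let a
    /// malformed policy or model take the whole server down).
    pub fn enforce(&self, object: &str, action: &str) -> bool {
        let actor = match self.auth.get_authzid() {
            Some(actor) => actor,
            None => {
                info!(self.log, "Attempted anonymous access: {} on {}", action, object);
                return false;
            }
        };

        trace!(self.log, "Checking permission {} for {} on {}", action, actor, object);
        // The read guard from `lock_ref` lives only for this statement; the
        // request tuple order (subject, object, action) must match the model.
        let decision = self.pdb.lock_ref().enforce(vec![&actor, object, action]);
        match decision {
            Ok(true) => true,
            Ok(false) => {
                info!(self.log, "Failed permission {} for {} on {}", action, actor, object);
                false
            }
            Err(e) => {
                // A broken policy engine must never grant access.
                error!(
                    self.log,
                    "Policy engine error while checking {} for {} on {}: {}",
                    action, actor, object, e
                );
                false
            }
        }
    }
}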
/// Exposes [`Permissions`] as the `api::permissions::Server` interface.
/// No methods are provided here yet, so presumably every call falls back to
/// the trait's defaults — confirm against the generated `api` module.
impl api::permissions::Server for Permissions {
}
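/// Builds the casbin [`Enforcer`] from the model and policy files named in
/// `config.access`.
///
/// The model is read from `config.access.model` and the policy is supplied by
/// a [`FileAdapter`] over `config.access.policy`. Nothing here watches those
/// files, so edits made after this returns are not picked up by the returned
/// enforcer unless it is re-initialised (or reloaded by the caller).
///
/// # Errors
/// Returns any error raised while reading or parsing the model or policy.
pub async fn init(config: &Config) -> std::result::Result<Enforcer, Box<dyn std::error::Error>> {
    let model = Model::from_file(config.access.model.clone()).await?;
    let adapter = Box::new(FileAdapter::new(config.access.policy.clone()));
    // Loading the policy is part of constructing the enforcer; any failure is
    // propagated to the caller rather than yielding an enforcer with no rules.
    Ok(Enforcer::new(model, adapter).await?)
}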