fabaccess-bffh/src/access.rs

//! Access control logic
//!

use slog::Logger;

use casbin::prelude::*;

use super::config::Config;

use futures_signals::signal::Mutable;

use crate::api::api;
use crate::auth::Authentication;
use crate::error::Result;

#[derive(Clone)]
pub struct Permissions {
    log: Logger,
    pdb: Mutable<Enforcer>,
    auth: Authentication,
}

impl Permissions {
    pub fn new(log: Logger, pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
        Self { log, pdb, auth }
    }

    pub fn enforce(&self, object: &str, action: &str) -> bool {
        if let Some(actor) = self.auth.get_authzid() {
            trace!(self.log, "Checking permission {} for {} on {}", action, actor, object);
            let r = self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap();
            if !r {
                info!(self.log, "Failed permission {} for {} on {}", action, actor, object);
            }
            return r;
        } else {
            info!(self.log, "Attempted anonymous access: {} on {}", action, object);
            false
        }
    }
}

impl api::permissions::Server for Permissions {

}

/// This line documents init
pub async fn init(config: &Config) -> std::result::Result<Enforcer, Box<dyn std::error::Error>> {
    let model = Model::from_file(config.access.model.clone()).await?;
    let adapter = Box::new(FileAdapter::new(config.access.policy.clone()));

    let e = Enforcer::new(model, adapter).await?;

    return Ok(e);
}
Initial commit 2020-02-14 12:20:17 +01:00			`//! Access control logic`
			`//!`

Logging 2020-02-17 15:07:55 +01:00			`use slog::Logger;`

Initial commit 2020-02-14 12:20:17 +01:00			`use casbin::prelude::*;`

			`use super::config::Config;`

(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`use futures_signals::signal::Mutable;`

Schema update 2020-02-17 03:44:02 +01:00			`use crate::api::api;`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`use crate::auth::Authentication;`
			`use crate::error::Result;`
Schema update 2020-02-17 03:44:02 +01:00
			`#[derive(Clone)]`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`pub struct Permissions {`
Logging 2020-02-17 15:07:55 +01:00			`log: Logger,`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`pdb: Mutable<Enforcer>,`
			`auth: Authentication,`
			`}`

			`impl Permissions {`
Logging 2020-02-17 15:07:55 +01:00			`pub fn new(log: Logger, pdb: Mutable<Enforcer>, auth: Authentication) -> Self {`
			`Self { log, pdb, auth }`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`}`

			`pub fn enforce(&self, object: &str, action: &str) -> bool {`
			`if let Some(actor) = self.auth.get_authzid() {`
Logging 2020-02-17 15:07:55 +01:00			`trace!(self.log, "Checking permission {} for {} on {}", action, actor, object);`
			`let r = self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap();`
			`if !r {`
			`info!(self.log, "Failed permission {} for {} on {}", action, actor, object);`
			`}`
			`return r;`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`} else {`
Logging 2020-02-17 15:07:55 +01:00			`info!(self.log, "Attempted anonymous access: {} on {}", action, object);`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`false`
			`}`
			`}`
			`}`
Schema update 2020-02-17 03:44:02 +01:00
			`impl api::permissions::Server for Permissions {`

			`}`

An initial working state PoC, Authentication works but not much more 2020-02-16 16:02:03 +01:00			`/// This line documents init`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`pub async fn init(config: &Config) -> std::result::Result<Enforcer, Box<dyn std::error::Error>> {`
Initial commit 2020-02-14 12:20:17 +01:00			`let model = Model::from_file(config.access.model.clone()).await?;`
			`let adapter = Box::new(FileAdapter::new(config.access.policy.clone()));`

			`let e = Enforcer::new(model, adapter).await?;`

			`return Ok(e);`
			`}`