2022-03-16 20:17:59 +01:00
|
|
|
use crate::authorization::permissions::Permission;
|
2022-05-05 15:50:44 +02:00
|
|
|
use crate::authorization::roles::Roles;
|
2022-03-13 17:29:21 +01:00
|
|
|
use crate::resources::Resource;
|
2023-01-02 06:00:29 +01:00
|
|
|
use crate::users::db::User;
|
2022-03-21 00:01:50 +01:00
|
|
|
use crate::users::{db, UserRef};
|
2022-05-05 15:50:44 +02:00
|
|
|
use crate::Users;
|
2022-06-24 13:57:47 +02:00
|
|
|
use tracing::Span;
|
2022-03-12 17:31:53 +01:00
|
|
|
|
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct SessionManager {
|
2022-03-15 17:52:47 +01:00
|
|
|
users: Users,
|
2022-03-15 19:14:04 +01:00
|
|
|
roles: Roles,
|
|
|
|
// cache: SessionCache // todo
|
2022-03-12 17:31:53 +01:00
|
|
|
}
|
|
|
|
impl SessionManager {
|
2022-03-15 19:14:04 +01:00
|
|
|
pub fn new(users: Users, roles: Roles) -> Self {
|
|
|
|
Self { users, roles }
|
2022-03-12 17:31:53 +01:00
|
|
|
}
|
2022-03-15 17:52:47 +01:00
|
|
|
|
2022-11-01 10:47:51 +01:00
|
|
|
pub fn try_open(&self, parent: &Span, uid: impl AsRef<str>) -> Option<SessionHandle> {
|
2023-01-02 06:00:29 +01:00
|
|
|
self.users
|
|
|
|
.get_user(uid.as_ref())
|
|
|
|
.map(|user| self.open(parent, user))
|
2022-11-01 10:47:51 +01:00
|
|
|
}
|
|
|
|
|
2022-03-15 17:52:47 +01:00
|
|
|
// TODO: make infallible
|
2022-11-01 10:47:51 +01:00
|
|
|
pub fn open(&self, parent: &Span, user: User) -> SessionHandle {
|
|
|
|
let uid = user.id.as_str();
|
|
|
|
let span = tracing::info_span!(
|
|
|
|
target: "bffh::api",
|
|
|
|
parent: parent,
|
|
|
|
"session",
|
|
|
|
uid,
|
|
|
|
);
|
|
|
|
tracing::trace!(parent: &span, uid, ?user, "opening session");
|
|
|
|
SessionHandle {
|
|
|
|
span,
|
|
|
|
users: self.users.clone(),
|
|
|
|
roles: self.roles.clone(),
|
|
|
|
user: UserRef::new(user.id),
|
2022-03-15 17:52:47 +01:00
|
|
|
}
|
2022-03-12 17:31:53 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-15 19:14:04 +01:00
|
|
|
#[derive(Clone)]
|
2022-03-12 17:31:53 +01:00
|
|
|
pub struct SessionHandle {
|
2022-06-24 13:57:47 +02:00
|
|
|
pub span: Span,
|
|
|
|
|
2022-03-21 00:01:50 +01:00
|
|
|
pub users: Users,
|
|
|
|
pub roles: Roles,
|
2022-03-15 19:14:04 +01:00
|
|
|
|
2022-03-15 17:52:47 +01:00
|
|
|
user: UserRef,
|
2022-03-12 17:31:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
impl SessionHandle {
|
2022-03-21 00:01:50 +01:00
|
|
|
pub fn get_user_ref(&self) -> UserRef {
|
2022-03-15 19:14:04 +01:00
|
|
|
self.user.clone()
|
2022-03-13 17:29:21 +01:00
|
|
|
}
|
|
|
|
|
2022-03-21 00:01:50 +01:00
|
|
|
pub fn get_user(&self) -> db::User {
|
2022-05-05 15:50:44 +02:00
|
|
|
self.users
|
|
|
|
.get_user(self.user.get_username())
|
|
|
|
.expect("Failed to get user self")
|
2022-03-21 00:01:50 +01:00
|
|
|
}
|
|
|
|
|
2022-03-13 17:29:21 +01:00
|
|
|
pub fn has_disclose(&self, resource: &Resource) -> bool {
|
2022-03-15 19:14:04 +01:00
|
|
|
if let Some(user) = self.users.get_user(self.user.get_username()) {
|
2022-05-05 15:50:44 +02:00
|
|
|
self.roles
|
|
|
|
.is_permitted(&user.userdata, &resource.get_required_privs().disclose)
|
2022-03-15 19:14:04 +01:00
|
|
|
} else {
|
|
|
|
false
|
|
|
|
}
|
2022-03-13 17:29:21 +01:00
|
|
|
}
|
|
|
|
pub fn has_read(&self, resource: &Resource) -> bool {
|
2022-03-15 19:14:04 +01:00
|
|
|
if let Some(user) = self.users.get_user(self.user.get_username()) {
|
2022-05-05 15:50:44 +02:00
|
|
|
self.roles
|
|
|
|
.is_permitted(&user.userdata, &resource.get_required_privs().read)
|
2022-03-15 19:14:04 +01:00
|
|
|
} else {
|
|
|
|
false
|
|
|
|
}
|
2022-03-13 17:29:21 +01:00
|
|
|
}
|
|
|
|
pub fn has_write(&self, resource: &Resource) -> bool {
|
2022-03-15 19:14:04 +01:00
|
|
|
if let Some(user) = self.users.get_user(self.user.get_username()) {
|
2022-05-05 15:50:44 +02:00
|
|
|
self.roles
|
|
|
|
.is_permitted(&user.userdata, &resource.get_required_privs().write)
|
2022-03-15 19:14:04 +01:00
|
|
|
} else {
|
|
|
|
false
|
|
|
|
}
|
2022-03-13 17:29:21 +01:00
|
|
|
}
|
|
|
|
pub fn has_manage(&self, resource: &Resource) -> bool {
|
2022-03-15 19:14:04 +01:00
|
|
|
if let Some(user) = self.users.get_user(self.user.get_username()) {
|
2022-05-05 15:50:44 +02:00
|
|
|
self.roles
|
|
|
|
.is_permitted(&user.userdata, &resource.get_required_privs().manage)
|
2022-03-15 19:14:04 +01:00
|
|
|
} else {
|
|
|
|
false
|
|
|
|
}
|
2022-03-13 17:29:21 +01:00
|
|
|
}
|
2022-03-16 20:17:59 +01:00
|
|
|
pub fn has_perm(&self, perm: impl AsRef<Permission>) -> bool {
|
|
|
|
if let Some(user) = self.users.get_user(self.user.get_username()) {
|
|
|
|
self.roles.is_permitted(&user.userdata, perm)
|
|
|
|
} else {
|
|
|
|
false
|
|
|
|
}
|
|
|
|
}
|
2022-05-05 15:50:44 +02:00
|
|
|
}
|