fabaccess-bffh/bffhd/resources/mod.rs

183 lines
5.7 KiB
Rust
Raw Normal View History

2022-03-13 20:11:37 +01:00
use std::ops::Deref;
use std::sync::Arc;
use futures_signals::signal::{Mutable, Signal, SignalExt};
use lmdb::RoTransaction;
use rkyv::Archived;
use crate::db::LMDBorrow;
2022-03-13 17:29:21 +01:00
use crate::resources::modules::fabaccess::{MachineState, Status};
2022-03-13 20:11:37 +01:00
use crate::resources::state::db::StateDB;
2022-03-13 17:29:21 +01:00
use crate::resources::state::State;
use crate::session::SessionHandle;
use crate::users::User;
2021-11-26 02:25:48 +01:00
pub mod claim;
2022-03-08 18:52:49 +01:00
pub mod db;
2022-03-13 17:29:21 +01:00
pub mod driver;
pub mod search;
pub mod state;
2021-11-26 02:25:48 +01:00
2022-03-13 17:29:21 +01:00
pub mod modules;
2021-11-26 21:01:43 +01:00
2022-03-13 17:29:21 +01:00
pub struct PermissionDenied;
2021-10-27 21:32:50 +02:00
2022-03-13 20:11:37 +01:00
pub(crate) struct Inner {
id: String,
db: StateDB,
signal: Mutable<MachineState>,
}
impl Inner {
pub fn new(id: String, db: StateDB) -> Self {
let state = if let Some(previous) = db.get_output(id.as_bytes()).unwrap() {
let state = MachineState::from(&previous);
tracing::info!(%id, ?state, "Found previous state");
state
} else {
tracing::info!(%id, "No previous state, defaulting to `free`");
MachineState::free(None)
};
let signal = Mutable::new(state);
Self { id, db, signal }
}
pub fn signal(&self) -> impl Signal<Item=MachineState> {
Box::pin(self.signal.signal_cloned().dedupe_cloned())
}
fn get_state(&self) -> MachineState {
MachineState::from(&self.db.get_output(self.id.as_bytes()).unwrap().unwrap())
}
fn get_raw_state(&self) -> Option<LMDBorrow<RoTransaction, Archived<State>>> {
self.db.get_output(self.id.as_bytes()).unwrap()
}
fn set_state(&self, state: MachineState) {
let span = tracing::debug_span!("set", id = %self.id, ?state, "Updating state");
let _guard = span.enter();
tracing::debug!("Updating state");
tracing::trace!("Updating DB");
let update = state.to_state();
self.db.update(self.id.as_bytes(), &update, &update).unwrap();
tracing::trace!("Updated DB, sending update signal");
self.signal.set(state);
tracing::trace!("Sent update signal");
}
}
2022-03-13 17:29:21 +01:00
#[derive(Clone)]
2022-03-13 20:11:37 +01:00
pub struct Resource {
inner: Arc<Inner>
}
2022-03-13 17:29:21 +01:00
impl Resource {
2022-03-13 20:11:37 +01:00
pub(crate) fn new(inner: Arc<Inner>) -> Self {
Self { inner }
}
pub fn get_raw_state(&self) -> Option<LMDBorrow<RoTransaction, Archived<State>>> {
self.inner.get_raw_state()
}
2022-03-13 17:29:21 +01:00
pub fn get_state(&self) -> MachineState {
2022-03-13 20:11:37 +01:00
self.inner.get_state()
}
pub fn get_id(&self) -> &str {
&self.inner.id
2022-03-13 17:29:21 +01:00
}
2022-03-13 17:29:21 +01:00
fn set_state(&self, state: MachineState) {
2022-03-13 20:11:37 +01:00
}
fn set_status(&self, state: Status) {
2022-03-13 17:29:21 +01:00
unimplemented!()
}
2022-03-13 17:29:21 +01:00
fn set_previous_user(&self, user: User) {
unimplemented!()
}
2022-03-13 20:11:37 +01:00
pub async fn try_update(&self, session: SessionHandle, new: Status) {
2022-03-13 17:29:21 +01:00
let old = self.get_state();
let user = session.get_user();
if session.has_manage(self) // Default allow for managers
|| (session.has_write(self) // Decision tree for writers
2022-03-13 20:11:37 +01:00
&& match (old.state, &new) {
2022-03-13 17:29:21 +01:00
// Going from available to used by the person requesting is okay.
(Status::Free, Status::InUse(who))
// Check that the person requesting does not request for somebody else.
// *That* is manage privilege.
if who == &user => true,
// Reserving things for ourself is okay.
(Status::Free, Status::Reserved(whom))
if &user == whom => true,
// Returning things we've been using is okay. This includes both if
// they're being freed or marked as to be checked.
(Status::InUse(who), Status::Free | Status::ToCheck(_))
if who == user => true,
// Un-reserving things we reserved is okay
(Status::Reserved(whom), Status::Free)
if user == whom => true,
// Using things that we've reserved is okay. But the person requesting
// that has to be the person that reserved the machine. Otherwise
// somebody could make a machine reserved by a different user as used by
// that different user but use it themself.
(Status::Reserved(whom), Status::InUse(who))
if user == whom && who == &whom => true,
// Default is deny.
_ => false
})
// Default permissions everybody has
2022-03-13 20:11:37 +01:00
|| match (old.state, &new) {
2022-03-13 17:29:21 +01:00
// Returning things we've been using is okay. This includes both if
// they're being freed or marked as to be checked.
(Status::InUse(who), Status::Free | Status::ToCheck(_)) if who == user => true,
// Un-reserving things we reserved is okay
(Status::Reserved(whom), Status::Free) if user == whom => true,
// Default is deny.
_ => false,
}
2022-03-13 17:29:21 +01:00
{
2022-03-13 20:11:37 +01:00
self.set_status(new);
}
}
2021-10-27 21:32:50 +02:00
2022-03-13 17:29:21 +01:00
pub async fn give_back(&self, session: SessionHandle) {
if let Status::InUse(user) = self.get_state().state {
if user == session.get_user() {
2022-03-13 20:11:37 +01:00
self.set_state(MachineState::free(Some(user)));
2022-03-13 17:29:21 +01:00
}
}
}
2021-10-27 21:32:50 +02:00
2022-03-13 20:11:37 +01:00
pub async fn force_set(&self, new: Status) {
2022-03-13 17:29:21 +01:00
unimplemented!()
}
2021-10-27 21:32:50 +02:00
2022-03-13 17:29:21 +01:00
pub fn visible(&self, session: &SessionHandle) -> bool {
session.has_disclose(self) || self.is_owned_by(session.get_user())
2021-10-27 21:32:50 +02:00
}
2022-03-13 17:29:21 +01:00
pub fn is_owned_by(&self, owner: User) -> bool {
match self.get_state().state {
Status::Free | Status::Disabled => false,
2021-10-27 21:32:50 +02:00
2022-03-13 17:29:21 +01:00
Status::InUse(user)
| Status::ToCheck(user)
| Status::Blocked(user)
| Status::Reserved(user) => user == owner,
2021-10-27 21:32:50 +02:00
}
}
2022-03-13 17:29:21 +01:00
}