fabaccess-bffh/src/db/access.rs

//! Access control logic
//!

use std::fmt;
use std::collections::HashSet;

use std::convert::TryInto;

use std::path::{Path, PathBuf};
use std::fs;
use std::io::Write;
use std::sync::Arc;

use flexbuffers;
use serde::{Serialize, Deserialize};

use slog::Logger;
use lmdb::{Environment, Transaction, RwTransaction, Cursor};

use crate::config::Settings;
use crate::error::Result;

mod adapter_lmdb;

use adapter_lmdb::PermissionsDB;
pub use adapter_lmdb::init;

// FIXME: fabinfra/fabaccess/bffh#3
pub type RoleIdentifier = u64;
pub type PermIdentifier = u64;

pub trait AccessDB {
    fn check(&self, userID: UserIdentifier,  permID: PermIdentifier) -> Result<bool>;
    fn get_role(&self, roleID: RoleIdentifier) -> Result<Option<Role>>;
}

/// A "Role" from the Authorization perspective
///
/// You can think of a role as a bundle of permissions relating to other roles. In most cases a
/// role represents a real-world education or apprenticeship, which gives a person the education
/// necessary to use a machine safely.
/// Roles are assigned permissions which in most cases evaluate to granting a person the right to
/// use certain (potentially) dangerous machines. 
/// Using this indirection makes administration easier in certain ways; instead of maintaining
/// permissions on users directly the user is given a role after having been educated on the safety
/// of a machine; if later on a similar enough machine is put to use the administrator can just add
/// the permission for that machine to an already existing role instead of manually having to
/// assign to all users.
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub struct Role {
    name: String,

    /// A Role can have parents, inheriting all permissions
    ///
    /// This makes situations where different levels of access are required easier: Each higher
    /// level of access sets the lower levels of access as parent, inheriting their permission; if
    /// you are allowed to manage a machine you are then also allowed to use it and so on
    parents: Vec<RoleIdentifier>,
    permissions: Vec<PermIdentifier>,
}

type SourceID = String;

/// Universal (relative) id of a role
enum RoleID {
    /// The role comes from this instance
    Local {
        /// Locally unique name for the role. No other role at this instance no matter the source
        /// may have the same name
        name: String,
        /// Role Source, i.e. the database the role comes from
        source: SourceID,
    },
    /// The role comes from a federated instance
    Remote {
        /// Name of the role. This role is unique in that instance so the tuple (name, location)
        /// refers to a unique role
        name: String,
        /// The federated instance this role comes from
        location: String,
    }
}
impl fmt::Display for RoleID {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match *self {
            RoleID::Local {name, source} => write!(f, "{}/{}@local", name, source),
            RoleID::Remote {name, location} => write!(f, "{}@{}", name, location),
        }
    }
}
Initial commit 2020-02-14 12:20:17 +01:00			`//! Access control logic`
			`//!`

Moves databases around a touch 2020-10-26 12:58:55 +01:00			`use std::fmt;`
Implements a simple permission check 2020-09-10 11:50:19 +02:00			`use std::collections::HashSet;`

Adds --load/--dump. Role dumping implemented already These mutually exclusive flags allow dumping and loading of database contents in a textual format 2020-09-11 09:57:03 +02:00			`use std::convert::TryInto;`

			`use std::path::{Path, PathBuf};`
			`use std::fs;`
			`use std::io::Write;`
Start Database restructure 2020-10-23 16:35:10 +02:00			`use std::sync::Arc;`
Adds --load/--dump. Role dumping implemented already These mutually exclusive flags allow dumping and loading of database contents in a textual format 2020-09-11 09:57:03 +02:00
Implements a simple permission check 2020-09-10 11:50:19 +02:00			`use flexbuffers;`
			`use serde::{Serialize, Deserialize};`

Logging 2020-02-17 15:07:55 +01:00			`use slog::Logger;`
Start Database restructure 2020-10-23 16:35:10 +02:00			`use lmdb::{Environment, Transaction, RwTransaction, Cursor};`
Logging 2020-02-17 15:07:55 +01:00
Better configuration stuff 2020-09-15 14:31:10 +02:00			`use crate::config::Settings;`
Implements a simple permission check 2020-09-10 11:50:19 +02:00			`use crate::error::Result;`
Showcase version commit 2020-02-18 16:55:19 +01:00
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`mod adapter_lmdb;`

			`use adapter_lmdb::PermissionsDB;`
			`pub use adapter_lmdb::init;`

Implements loading of roles and users 2020-09-11 10:18:43 +02:00			`// FIXME: fabinfra/fabaccess/bffh#3`
Refines machines 2020-09-17 10:51:51 +02:00			`pub type RoleIdentifier = u64;`
			`pub type PermIdentifier = u64;`
Showcase version commit 2020-02-18 16:55:19 +01:00
Further ideas on database restructure 2020-10-28 16:25:33 +01:00			`pub trait AccessDB {`
			`fn check(&self, userID: UserIdentifier, permID: PermIdentifier) -> Result<bool>;`
			`fn get_role(&self, roleID: RoleIdentifier) -> Result<Option<Role>>;`
Start Database restructure 2020-10-23 16:35:10 +02:00			`}`

			`/// A "Role" from the Authorization perspective`
			`///`
			`/// You can think of a role as a bundle of permissions relating to other roles. In most cases a`
			`/// role represents a real-world education or apprenticeship, which gives a person the education`
			`/// necessary to use a machine safely.`
			`/// Roles are assigned permissions which in most cases evaluate to granting a person the right to`
			`/// use certain (potentially) dangerous machines.`
			`/// Using this indirection makes administration easier in certain ways; instead of maintaining`
			`/// permissions on users directly the user is given a role after having been educated on the safety`
			`/// of a machine; if later on a similar enough machine is put to use the administrator can just add`
			`/// the permission for that machine to an already existing role instead of manually having to`
			`/// assign to all users.`
			`#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`pub struct Role {`
Start Database restructure 2020-10-23 16:35:10 +02:00			`name: String,`

			`/// A Role can have parents, inheriting all permissions`
			`///`
			`/// This makes situations where different levels of access are required easier: Each higher`
			`/// level of access sets the lower levels of access as parent, inheriting their permission; if`
			`/// you are allowed to manage a machine you are then also allowed to use it and so on`
			`parents: Vec<RoleIdentifier>,`
			`permissions: Vec<PermIdentifier>,`
			`}`

Moves databases around a touch 2020-10-26 12:58:55 +01:00			`type SourceID = String;`

			`/// Universal (relative) id of a role`
			`enum RoleID {`
			`/// The role comes from this instance`
			`Local {`
			`/// Locally unique name for the role. No other role at this instance no matter the source`
			`/// may have the same name`
			`name: String,`
			`/// Role Source, i.e. the database the role comes from`
			`source: SourceID,`
			`},`
			`/// The role comes from a federated instance`
			`Remote {`
			`/// Name of the role. This role is unique in that instance so the tuple (name, location)`
			`/// refers to a unique role`
			`name: String,`
			`/// The federated instance this role comes from`
			`location: String,`
Implements a simple permission check 2020-09-10 11:50:19 +02:00			`}`
Moves databases around a touch 2020-10-26 12:58:55 +01:00			`}`
			`impl fmt::Display for RoleID {`
			`fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {`
			`match *self {`
			`RoleID::Local {name, source} => write!(f, "{}/{}@local", name, source),`
			`RoleID::Remote {name, location} => write!(f, "{}@{}", name, location),`
Allows permission read/write as well 2020-09-10 12:32:33 +02:00			`}`
			`}`
Starts using LMDB 2020-09-10 10:39:46 +02:00			`}`