fabaccess-bffh/src/access.rs

//! Access control logic
//!

use slog::Logger;

use casbin::prelude::*;

use crate::config::Config;
use crate::auth::Authentication;
use crate::error::Result;

use std::rc::Rc;
use async_std::sync::{Arc, RwLock};

use std::ops::Deref;

pub struct PermissionsProvider {
    log: Logger,
    pdb: Enforcer,
}

impl PermissionsProvider {
    pub fn new(log: Logger, pdb: Enforcer) -> Self {
        Self { log, pdb }
    }

    pub fn enforce(&self, actor: &str, object: &str, action: &str) -> Result<bool> {
        let b = self.pdb.enforce(vec![actor, object, action])?;
        if b {
            trace!(self.log, "Granted {} on {} for {}", action, object, actor);
        } else {
            trace!(self.log, "Denied {} on {} for {}", action, object, actor);
        }
        Ok(b)
    }
}

#[derive(Clone)]
pub struct Permissions {
    inner: Arc<RwLock<PermissionsProvider>>,
    auth: Rc<Authentication>,
}

impl Permissions {
    pub fn new(inner: Arc<RwLock<PermissionsProvider>>, auth: Rc<Authentication>) -> Self {
        Self { inner, auth }
    }

    pub async fn enforce(&self, object: &str, action: &str) -> Result<bool> {
        if let Some(actor) = self.auth.state.read().await.deref() {
            self.inner.read().await.enforce(&actor, object, action)
        } else {
            Ok(false)
        }
    }
}

/// This line documents init
pub async fn init(log: Logger, config: &Config) -> std::result::Result<PermissionsProvider, Box<dyn std::error::Error>> {
    let model = Model::from_file(config.access.model.clone()).await?;
    let adapter = Box::new(FileAdapter::new(config.access.policy.clone()));

    let e = Enforcer::new(model, adapter).await?;

    return Ok(PermissionsProvider::new(log, e));
}
Initial commit 2020-02-14 12:20:17 +01:00			`//! Access control logic`
			`//!`

Logging 2020-02-17 15:07:55 +01:00			`use slog::Logger;`

Initial commit 2020-02-14 12:20:17 +01:00			`use casbin::prelude::*;`

Showcase version commit 2020-02-18 16:55:19 +01:00			`use crate::config::Config;`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`use crate::auth::Authentication;`
			`use crate::error::Result;`
Schema update 2020-02-17 03:44:02 +01:00
Showcase version commit 2020-02-18 16:55:19 +01:00			`use std::rc::Rc;`
			`use async_std::sync::{Arc, RwLock};`

			`use std::ops::Deref;`

			`pub struct PermissionsProvider {`
			`log: Logger,`
			`pdb: Enforcer,`
			`}`

			`impl PermissionsProvider {`
			`pub fn new(log: Logger, pdb: Enforcer) -> Self {`
			`Self { log, pdb }`
			`}`

			`pub fn enforce(&self, actor: &str, object: &str, action: &str) -> Result<bool> {`
			`let b = self.pdb.enforce(vec![actor, object, action])?;`
Showcase impl: 2020-02-19 14:50:23 +01:00			`if b {`
			`trace!(self.log, "Granted {} on {} for {}", action, object, actor);`
			`} else {`
			`trace!(self.log, "Denied {} on {} for {}", action, object, actor);`
			`}`
Showcase version commit 2020-02-18 16:55:19 +01:00			`Ok(b)`
			`}`
			`}`

Schema update 2020-02-17 03:44:02 +01:00			`#[derive(Clone)]`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`pub struct Permissions {`
Showcase version commit 2020-02-18 16:55:19 +01:00			`inner: Arc<RwLock<PermissionsProvider>>,`
			`auth: Rc<Authentication>,`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`}`

			`impl Permissions {`
Showcase version commit 2020-02-18 16:55:19 +01:00			`pub fn new(inner: Arc<RwLock<PermissionsProvider>>, auth: Rc<Authentication>) -> Self {`
			`Self { inner, auth }`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`}`

Showcase version commit 2020-02-18 16:55:19 +01:00			`pub async fn enforce(&self, object: &str, action: &str) -> Result<bool> {`
			`if let Some(actor) = self.auth.state.read().await.deref() {`
			`self.inner.read().await.enforce(&actor, object, action)`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`} else {`
Showcase version commit 2020-02-18 16:55:19 +01:00			`Ok(false)`
(Unfinished) v2 implementation 2020-02-17 14:56:43 +01:00			`}`
			`}`
			`}`
Schema update 2020-02-17 03:44:02 +01:00
An initial working state PoC, Authentication works but not much more 2020-02-16 16:02:03 +01:00			`/// This line documents init`
Showcase version commit 2020-02-18 16:55:19 +01:00			`pub async fn init(log: Logger, config: &Config) -> std::result::Result<PermissionsProvider, Box<dyn std::error::Error>> {`
Initial commit 2020-02-14 12:20:17 +01:00			`let model = Model::from_file(config.access.model.clone()).await?;`
			`let adapter = Box::new(FileAdapter::new(config.access.policy.clone()));`

			`let e = Enforcer::new(model, adapter).await?;`

Showcase version commit 2020-02-18 16:55:19 +01:00			`return Ok(PermissionsProvider::new(log, e));`
Initial commit 2020-02-14 12:20:17 +01:00			`}`