vmario/fabaccess-bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2024-11-10 17:43:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

More trace output of role checking

Browse Source
This commit is contained in:
Nadja Reitzenstein 2022-05-31 13:45:51 +02:00
parent a43c38c118
commit 17fd08b7e5
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bffhd/authorization/roles.rs
View File

@ -67,17 +67,20 @@ impl Roles {
role_id: &String, role_id: &String,
perm: &Permission, perm: &Permission,
) -> bool { ) -> bool {
let _guard = tracing::debug_span!("tally", %role_id, perm=perm.as_str());
if let Some(role) = self.get(role_id) { if let Some(role) = self.get(role_id) {
// Only check and tally parents of a role at the role itself if it's the first time we // Only check and tally parents of a role at the role itself if it's the first time we
// see it // see it
if !roles.contains(role_id) { if !roles.contains(role_id) {
for perm_rule in role.permissions.iter() { for perm_rule in role.permissions.iter() {
if perm_rule.match_perm(perm) { if perm_rule.match_perm(perm) {
tracing::debug!("Permission granted by direct role");
return true; return true;
} }
} }
for parent in role.parents.iter() { for parent in role.parents.iter() {
if self.permitted_tally(roles, parent, perm) { if self.permitted_tally(roles, parent, perm) {
tracing::debug!(%parent, "Permission granted by parent role");
return true; return true;
} }
} }
@ -86,10 +89,13 @@ impl Roles {
} }
} }
tracing::trace!(%role_id, "Permission not granted by role");
false false
} }
pub fn is_permitted(&self, user: &UserData, perm: impl AsRef<Permission>) -> bool { pub fn is_permitted(&self, user: &UserData, perm: impl AsRef<Permission>) -> bool {
let perm = perm.as_ref();
tracing::debug!(perm=perm.as_str(), "Checking permission");
let mut seen = HashSet::new(); let mut seen = HashSet::new();
for role_id in user.roles.iter() { for role_id in user.roles.iter() {
if self.permitted_tally(&mut seen, role_id, perm.as_ref()) { if self.permitted_tally(&mut seen, role_id, perm.as_ref()) {