mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-12-22 19:53:49 +01:00
Reverse visibility check to properly disclose machines
Machines that you have disclose on are always shown. Machines you *don't* have `disclose` on are *also* show *iff* you are using them.
This commit is contained in:
parent
069819bb9a
commit
cc2b43a9f2
@ -62,24 +62,33 @@ impl machines::Server for Machines {
|
||||
|
||||
let mut filtered_v = Vec::with_capacity(v.len());
|
||||
for (id, machine) in v.into_iter() {
|
||||
match machine.get_status().await {
|
||||
// Always show a machine if they're in use by myself
|
||||
Status::InUse(ref bywho) =>
|
||||
if bywho.is_some() && bywho.as_ref().filter(|bywho| *bywho == user).is_some()
|
||||
{
|
||||
// Check if the user has disclose. If yes, machines are always shown.
|
||||
let required_disclose = &machine.desc.privs.disclose;
|
||||
if session.as_ref().unwrap().perms.iter()
|
||||
.any(|rule| rule.match_perm(required_disclose))
|
||||
{
|
||||
filtered_v.push((id, machine));
|
||||
} else {
|
||||
// If no, match their state. Used & reserved machines are also shown
|
||||
match machine.get_status().await {
|
||||
// Always show a machine if they're in use by myself
|
||||
Status::InUse(ref bywho) =>
|
||||
if bywho.is_some() && bywho.as_ref().filter(|bywho| *bywho == user).is_some()
|
||||
{
|
||||
filtered_v.push((id, machine));
|
||||
}
|
||||
Status::Reserved(ref bywho) => if bywho == user {
|
||||
filtered_v.push((id, machine));
|
||||
}
|
||||
Status::Reserved(ref bywho) => if bywho == user {
|
||||
filtered_v.push((id, machine));
|
||||
}
|
||||
|
||||
// The rest depends on the actual priviledges below
|
||||
_ => {
|
||||
let required_disclose = &machine.desc.privs.disclose;
|
||||
if session.as_ref().unwrap().perms.iter()
|
||||
.any(|rule| rule.match_perm(required_disclose))
|
||||
{
|
||||
filtered_v.push((id, machine));
|
||||
// The rest depends on the actual priviledges below
|
||||
_ => {
|
||||
let required_disclose = &machine.desc.privs.disclose;
|
||||
if session.as_ref().unwrap().perms.iter()
|
||||
.any(|rule| rule.match_perm(required_disclose))
|
||||
{
|
||||
filtered_v.push((id, machine));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user