Load roles into the accessdb

src/db.rs

@@ -49,10 +49,8 @@ impl Databases {
         let env = Arc::new(env);
         let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?;
 
-        let mut ac = access::AccessControl::new();
-
         let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?;
-        ac.add_source_unchecked("Internal".to_string(), Box::new(permdb));
+        let mut ac = access::AccessControl::new(permdb);
 
         let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap();
 

src/db/access.rs

@@ -30,15 +30,17 @@ use crate::error::Result;
 pub mod internal;
 
 use crate::db::user::UserData;
-pub use internal::init;
+pub use internal::{init, Internal};
 
 pub struct AccessControl {
+    pub internal: Internal,
     sources: HashMap<String, Box<dyn RoleDB>>,
 }
 
 impl AccessControl {
-    pub fn new() -> Self {
+    pub fn new(internal: Internal) -> Self {
         Self {
+            internal: internal,
             sources: HashMap::new()
         }
     }
@@ -55,6 +57,9 @@ impl AccessControl {
                 return Ok(true);
             }
         }
+        if self.internal.check(user, perm.as_ref())? {
+            return Ok(true);
+        }
 
         return Ok(false);
     }

src/db/access/internal.rs

@@ -24,12 +24,11 @@ pub struct Internal {
     log: Logger,
     env: Arc<Environment>,
     roledb: lmdb::Database,
-    userdb: lmdb::Database,
 }
 
 impl Internal {
-    pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database, userdb: lmdb::Database) -> Self {
+    pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database) -> Self {
-        Self { log, env, roledb, userdb }
+        Self { log, env, roledb, }
     }
 
     /// Check if a given user has the given permission
@@ -117,33 +116,18 @@ impl Internal {
        unimplemented!()
    }
 
-   pub fn load_db(&mut self, txn: &mut RwTransaction, mut path: PathBuf) -> Result<()> {
+   pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> {
-       path.push("roles");
+       let mut txn = self.env.begin_rw_txn()?;
-       if !path.is_dir() {
+       self.load_roles_txn(&mut txn, path.as_ref())
-           error!(self.log, "Given load directory is malformed, no 'roles' subdir, not loading roles!");
-       } else {
-           self.load_roles(txn, path.as_path())?;
    }
-
+   fn load_roles_txn(&self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
-       Ok(())
-   }
-
-   fn load_roles(&mut self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
-       if path.is_file() {
        let roles = Role::load_file(path)?;
 
        for (k,v) in roles.iter() {
            self.put_role(txn, k, v.clone())?;
        }
-       } else {
-           for entry in std::fs::read_dir(path)? {
-               let roles = Role::load_file(entry?.path())?;
 
-               for (k,v) in roles.iter() {
+       debug!(self.log, "Loaded roles: {:?}", roles);
-                   self.put_role(txn, k, v.clone())?;
-               }
-           }
-       }
 
        Ok(())
    }
@@ -182,9 +166,6 @@ pub fn init(log: Logger, config: &Settings, env: Arc<lmdb::Environment>)
     debug!(&log, "Opened access database '{}' successfully.", "role");
     //let permdb = env.create_db(Some("perm"), flags)?;
     //debug!(&log, "Opened access database '{}' successfully.", "perm");
-    let userdb = env.create_db(Some("user"), flags)?;
-    debug!(&log, "Opened access database '{}' successfully.", "user");
-    info!(&log, "Opened all access databases");
 
-    Ok(Internal::new(log, env, roledb, userdb))
+    Ok(Internal::new(log, env, roledb))
 }

src/main.rs

@@ -132,8 +132,8 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
         Ok(())
     } else if matches.is_present("load") {
         let db = db::Databases::new(&log, &config)?;
-
         let mut dir = PathBuf::from(matches.value_of_os("load").unwrap());
+
         dir.push("users.toml");
         let map = db::user::load_file(&dir)?;
         for (uid,user) in map.iter() {
@@ -141,6 +141,11 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
         }
         debug!(log, "Loaded users: {:?}", map);
         dir.pop();
+
+        dir.push("roles.toml");
+        db.access.internal.load_roles(&dir)?;
+        dir.pop();
+
         Ok(())
     } else {
         let ex = Executor::new();