mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-11-11 01:53:23 +01:00
Load roles into the accessdb
This commit is contained in:
parent
8f5cea673b
commit
d568d46212
@ -49,10 +49,8 @@ impl Databases {
|
|||||||
let env = Arc::new(env);
|
let env = Arc::new(env);
|
||||||
let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?;
|
let mdb = machine::init(log.new(o!("system" => "machines")), &config, env.clone())?;
|
||||||
|
|
||||||
let mut ac = access::AccessControl::new();
|
|
||||||
|
|
||||||
let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?;
|
let permdb = access::init(log.new(o!("system" => "permissions")), &config, env.clone())?;
|
||||||
ac.add_source_unchecked("Internal".to_string(), Box::new(permdb));
|
let mut ac = access::AccessControl::new(permdb);
|
||||||
|
|
||||||
let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap();
|
let passdb = pass::PassDB::init(log.new(o!("system" => "passwords")), env.clone()).unwrap();
|
||||||
|
|
||||||
|
@ -30,15 +30,17 @@ use crate::error::Result;
|
|||||||
pub mod internal;
|
pub mod internal;
|
||||||
|
|
||||||
use crate::db::user::UserData;
|
use crate::db::user::UserData;
|
||||||
pub use internal::init;
|
pub use internal::{init, Internal};
|
||||||
|
|
||||||
pub struct AccessControl {
|
pub struct AccessControl {
|
||||||
|
pub internal: Internal,
|
||||||
sources: HashMap<String, Box<dyn RoleDB>>,
|
sources: HashMap<String, Box<dyn RoleDB>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl AccessControl {
|
impl AccessControl {
|
||||||
pub fn new() -> Self {
|
pub fn new(internal: Internal) -> Self {
|
||||||
Self {
|
Self {
|
||||||
|
internal: internal,
|
||||||
sources: HashMap::new()
|
sources: HashMap::new()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -55,6 +57,9 @@ impl AccessControl {
|
|||||||
return Ok(true);
|
return Ok(true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if self.internal.check(user, perm.as_ref())? {
|
||||||
|
return Ok(true);
|
||||||
|
}
|
||||||
|
|
||||||
return Ok(false);
|
return Ok(false);
|
||||||
}
|
}
|
||||||
|
@ -24,12 +24,11 @@ pub struct Internal {
|
|||||||
log: Logger,
|
log: Logger,
|
||||||
env: Arc<Environment>,
|
env: Arc<Environment>,
|
||||||
roledb: lmdb::Database,
|
roledb: lmdb::Database,
|
||||||
userdb: lmdb::Database,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Internal {
|
impl Internal {
|
||||||
pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database, userdb: lmdb::Database) -> Self {
|
pub fn new(log: Logger, env: Arc<Environment>, roledb: lmdb::Database) -> Self {
|
||||||
Self { log, env, roledb, userdb }
|
Self { log, env, roledb, }
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Check if a given user has the given permission
|
/// Check if a given user has the given permission
|
||||||
@ -117,33 +116,18 @@ impl Internal {
|
|||||||
unimplemented!()
|
unimplemented!()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn load_db(&mut self, txn: &mut RwTransaction, mut path: PathBuf) -> Result<()> {
|
pub fn load_roles<P: AsRef<Path>>(&self, path: P) -> Result<()> {
|
||||||
path.push("roles");
|
let mut txn = self.env.begin_rw_txn()?;
|
||||||
if !path.is_dir() {
|
self.load_roles_txn(&mut txn, path.as_ref())
|
||||||
error!(self.log, "Given load directory is malformed, no 'roles' subdir, not loading roles!");
|
|
||||||
} else {
|
|
||||||
self.load_roles(txn, path.as_path())?;
|
|
||||||
}
|
}
|
||||||
|
fn load_roles_txn(&self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn load_roles(&mut self, txn: &mut RwTransaction, path: &Path) -> Result<()> {
|
|
||||||
if path.is_file() {
|
|
||||||
let roles = Role::load_file(path)?;
|
let roles = Role::load_file(path)?;
|
||||||
|
|
||||||
for (k,v) in roles.iter() {
|
for (k,v) in roles.iter() {
|
||||||
self.put_role(txn, k, v.clone())?;
|
self.put_role(txn, k, v.clone())?;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
for entry in std::fs::read_dir(path)? {
|
|
||||||
let roles = Role::load_file(entry?.path())?;
|
|
||||||
|
|
||||||
for (k,v) in roles.iter() {
|
debug!(self.log, "Loaded roles: {:?}", roles);
|
||||||
self.put_role(txn, k, v.clone())?;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
@ -182,9 +166,6 @@ pub fn init(log: Logger, config: &Settings, env: Arc<lmdb::Environment>)
|
|||||||
debug!(&log, "Opened access database '{}' successfully.", "role");
|
debug!(&log, "Opened access database '{}' successfully.", "role");
|
||||||
//let permdb = env.create_db(Some("perm"), flags)?;
|
//let permdb = env.create_db(Some("perm"), flags)?;
|
||||||
//debug!(&log, "Opened access database '{}' successfully.", "perm");
|
//debug!(&log, "Opened access database '{}' successfully.", "perm");
|
||||||
let userdb = env.create_db(Some("user"), flags)?;
|
|
||||||
debug!(&log, "Opened access database '{}' successfully.", "user");
|
|
||||||
info!(&log, "Opened all access databases");
|
|
||||||
|
|
||||||
Ok(Internal::new(log, env, roledb, userdb))
|
Ok(Internal::new(log, env, roledb))
|
||||||
}
|
}
|
||||||
|
@ -132,8 +132,8 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
} else if matches.is_present("load") {
|
} else if matches.is_present("load") {
|
||||||
let db = db::Databases::new(&log, &config)?;
|
let db = db::Databases::new(&log, &config)?;
|
||||||
|
|
||||||
let mut dir = PathBuf::from(matches.value_of_os("load").unwrap());
|
let mut dir = PathBuf::from(matches.value_of_os("load").unwrap());
|
||||||
|
|
||||||
dir.push("users.toml");
|
dir.push("users.toml");
|
||||||
let map = db::user::load_file(&dir)?;
|
let map = db::user::load_file(&dir)?;
|
||||||
for (uid,user) in map.iter() {
|
for (uid,user) in map.iter() {
|
||||||
@ -141,6 +141,11 @@ fn maybe(matches: clap::ArgMatches, log: Arc<Logger>) -> Result<(), Error> {
|
|||||||
}
|
}
|
||||||
debug!(log, "Loaded users: {:?}", map);
|
debug!(log, "Loaded users: {:?}", map);
|
||||||
dir.pop();
|
dir.pop();
|
||||||
|
|
||||||
|
dir.push("roles.toml");
|
||||||
|
db.access.internal.load_roles(&dir)?;
|
||||||
|
dir.pop();
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
} else {
|
} else {
|
||||||
let ex = Executor::new();
|
let ex = Executor::new();
|
||||||
|
Loading…
Reference in New Issue
Block a user