mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-12-25 05:03:48 +01:00
Logging
This commit is contained in:
parent
6152639564
commit
e135d7c8bd
@ -1,6 +1,8 @@
|
||||
//! Access control logic
|
||||
//!
|
||||
|
||||
use slog::Logger;
|
||||
|
||||
use casbin::prelude::*;
|
||||
|
||||
use super::config::Config;
|
||||
@ -13,19 +15,26 @@ use crate::error::Result;
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct Permissions {
|
||||
log: Logger,
|
||||
pdb: Mutable<Enforcer>,
|
||||
auth: Authentication,
|
||||
}
|
||||
|
||||
impl Permissions {
|
||||
pub fn new(pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
|
||||
Self { pdb, auth }
|
||||
pub fn new(log: Logger, pdb: Mutable<Enforcer>, auth: Authentication) -> Self {
|
||||
Self { log, pdb, auth }
|
||||
}
|
||||
|
||||
pub fn enforce(&self, object: &str, action: &str) -> bool {
|
||||
if let Some(actor) = self.auth.get_authzid() {
|
||||
self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap()
|
||||
trace!(self.log, "Checking permission {} for {} on {}", action, actor, object);
|
||||
let r = self.pdb.lock_ref().enforce(vec![&actor,object,action]).unwrap();
|
||||
if !r {
|
||||
info!(self.log, "Failed permission {} for {} on {}", action, actor, object);
|
||||
}
|
||||
return r;
|
||||
} else {
|
||||
info!(self.log, "Attempted anonymous access: {} on {}", action, object);
|
||||
false
|
||||
}
|
||||
}
|
||||
|
@ -64,11 +64,13 @@ impl api::machines::Server for Machines {
|
||||
let mut b = results.get();
|
||||
let mngr = api::machines::manage::ToClient::new(manager).into_client::<Server>();
|
||||
b.set_manage(mngr);
|
||||
trace!(self.log, "Granted manage on machine {}", uuid);
|
||||
Promise::ok(())
|
||||
} else {
|
||||
Promise::err(Error::failed("Permission denied".to_string()))
|
||||
}
|
||||
} else {
|
||||
info!(self.log, "Attempted manage on invalid machine {}", uuid);
|
||||
Promise::err(Error::failed("No such machine".to_string()))
|
||||
}
|
||||
}
|
||||
@ -84,8 +86,10 @@ impl api::machines::Server for Machines {
|
||||
|
||||
let mdb = self.mdb.lock_ref();
|
||||
if let Some(m) = mdb.get(&uuid) {
|
||||
trace!(self.log, "Granted use on machine {}", uuid);
|
||||
Promise::ok(())
|
||||
} else {
|
||||
info!(self.log, "Attempted use on invalid machine {}", uuid);
|
||||
Promise::err(Error::failed("No such machine".to_string()))
|
||||
}
|
||||
}
|
||||
|
@ -55,6 +55,8 @@ fn main() {
|
||||
|
||||
let addr = args[1].to_socket_addrs().unwrap().next().expect("could not parse address");
|
||||
|
||||
let permlog = log.new(o!());
|
||||
let machlog = log.new(o!());
|
||||
|
||||
let spawner = exec.spawner();
|
||||
let result: Result<(), Box<dyn std::error::Error>> = exec.run_until(async move {
|
||||
@ -64,8 +66,8 @@ fn main() {
|
||||
let socket = socket?;
|
||||
// TODO: Prettify session handling
|
||||
let auth = auth::Authentication::new(authp.clone());
|
||||
let perm = access::Permissions::new(enf.clone(), auth.clone());
|
||||
let mach = machine::Machines::new(m.clone(), perm.clone());
|
||||
let perm = access::Permissions::new(permlog.clone(), enf.clone(), auth.clone());
|
||||
let mach = machine::Machines::new(machlog.clone(), m.clone(), perm.clone());
|
||||
|
||||
let rpc_system = api::process_socket(auth, perm, mach, socket);
|
||||
spawner.spawn_local_obj(
|
||||
|
Loading…
Reference in New Issue
Block a user