From 0796a3403f65c4741b83a10104ae114605395049 Mon Sep 17 00:00:00 2001
From: Hector van der Aa
Date: Sat, 6 Dec 2025 17:57:04 +0100
Subject: [PATCH] Undo permesc start
---
 src/backend/src/config.rs | 28 +++++++---------------------
 src/backend/src/domain/user_prems.rs | 6 ------
 src/backend/src/router/middleware.rs | 11 ++++++-----
 src/backend/src/router/mod.rs | 7 +++++--
 4 files changed, 18 insertions(+), 34 deletions(-)
diff --git a/src/backend/src/config.rs b/src/backend/src/config.rs
index fab7a20..b3ef83e 100644
--- a/src/backend/src/config.rs
+++ b/src/backend/src/config.rs
@@ -5,10 +5,7 @@ use axum::{
 };
 use std::collections::HashMap;
-use crate::domain::{
- user::NewUser,
- user_prems::{InternalUserPermissions, UserActions, UserPermissions},
-};
+use crate::domain::user_prems::{UserActions, UserPermissions};
 #[derive(Debug, Hash, Clone, PartialEq, Eq)]
 pub struct RouteKey {
@@ -19,7 +16,7 @@ pub struct RouteKey {
 #[derive(Debug)]
 pub struct AppCfg {
 pub db_path: String,
- pub route_perms: HashMap,
+ pub route_perms: HashMap,
 }
 impl AppCfg {
@@ -36,23 +33,21 @@ impl AppCfg {
 path: impl Into,
 root: bool,
 perms: Vec,
- esc_check: bool,
 ) {
 let key = RouteKey {
 method,
 path: path.into(),
 };
- let user_perms = InternalUserPermissions {
+ let user_perms = UserPermissions {
 root,
 permissions: perms.into_iter().collect(), // Vec → HashSet
- esc_check,
 };
 self.route_perms.insert(key, user_perms);
 }
- pub fn get_route_perms(&self, method: &Method, path: &str) -> Option {
+ pub fn get_route_perms(&self, method: &Method, path: &str) -> Option {
 let key = RouteKey {
 method: method.clone(),
 path: path.to_string(),
@@ -68,7 +63,7 @@ impl AppCfg {
 pub async fn route_allows(
 &self,
- req: Request,
+ req: &Request,
 user_perms: UserPermissions,
 ) -> Result {
 let method = req.method();
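Review bot: In the `route_allows` hunk (-68/+63) the whole request is now passed in, and the same commit drops the `MatchedPath` import from middleware.rs, so the lookup path presumably comes from the raw URI rather than the route template. `get_route_perms` builds a `RouteKey` from the exact path string, so a parameterised route registered through `add_route` would never match a concrete request path. The lines between this hunk and the next are not visible; please confirm that a missing entry denies the request rather than reaching the `return Ok(true)` shown in the following hunk, and consider reading the template with `req.extensions().get::<MatchedPath>()`. A doc comment on `route_allows` stating the behaviour for an unregistered route would make the fail-closed intent explicit.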
@@ -87,18 +82,9 @@ impl AppCfg {
 return Ok(true);
 }
- match req_perms
+ Ok(req_perms
 .permissions
 .iter()
- .all(|action| user_perms.permissions.contains(action))
- {
- true => (),
- false => return Ok(false),
- };
-
- if req_perms.esc_check {
- } else {
- Ok(true)
- }
+ .all(|action| user_perms.permissions.contains(action)))
 }
 }
diff --git a/src/backend/src/domain/user_prems.rs b/src/backend/src/domain/user_prems.rs
index 676301d..59c9b0d 100644
--- a/src/backend/src/domain/user_prems.rs
+++ b/src/backend/src/domain/user_prems.rs
@@ -15,12 +15,6 @@ pub struct UserPermissions {
 pub permissions: HashSet,
 }
-#[derive(Debug, Clone, Deserialize, Serialize, Default)]
-pub struct InternalUserPermissions {
- pub root: bool,
- pub permissions: HashSet,
- pub esc_check: bool,
-}
 #[derive(Debug, Clone, Deserialize, Serialize, Default)]
 pub struct ExtUserPermissions {
 pub uuid: Uuid,
diff --git a/src/backend/src/router/middleware.rs b/src/backend/src/router/middleware.rs
index 1d422bd..e29e280 100644
--- a/src/backend/src/router/middleware.rs
+++ b/src/backend/src/router/middleware.rs
@@ -3,7 +3,7 @@ use std::sync::Arc;
 use axum::{
 Extension,
- extract::{MatchedPath, Request, State},
+ extract::{Request, State},
 http::{self, Method, StatusCode, header::AUTHORIZATION},
 middleware::Next,
 response::Response,
@@ -109,7 +109,7 @@ pub fn cors() -> CorsLayer {
 pub async fn permissions(
 State(state): State>,
 Extension(user): Extension,
- req: Request,
+ mut req: Request,
 next: Next,
 ) -> Result {
 let request_method = req.method().clone();
@@ -123,9 +123,10 @@ pub async fn permissions(
 match state
 .config
- .route_allows(&method, path.as_str(), user.permissions.clone())
+ .route_allows(&req, user.permissions.clone())
+ .await
 {
- true => Ok(next.run(req).await),
- false => Err(StatusCode::UNAUTHORIZED),
+ Ok(true) => Ok(next.run(req).await),
+ _ => Err(StatusCode::UNAUTHORIZED),
 }
 }
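Review bot: `.all(...)` over `req_perms.permissions` is vacuously true for an empty set, so a route registered through `add_route` with an empty `perms` vec is allowed for every caller that reaches this expression. If that is the intended meaning of "no specific permission required", document it above the expression, e.g. `// empty permission set: any authenticated user may pass`; otherwise reject empty sets in `add_route`. Nothing in the visible lines awaits or returns `Err`, so `route_allows` could probably be a plain `fn` returning `bool`, which would remove an error path the caller has to interpret. The function starts outside this hunk, so the condition guarding `return Ok(true)` could not be checked.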
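Review bot: The `_ => Err(StatusCode::UNAUTHORIZED)` arm in `permissions` folds `Ok(false)` and `Err(_)` together, so an internal failure in `route_allows` looks the same as a denied request and leaves no trace. Failing closed is right, but the two cases deserve separate arms with the error logged, e.g. `Ok(false) => Err(StatusCode::FORBIDDEN),` and `Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),`; 403 is also the conventional status for an authenticated caller who lacks a permission, with 401 kept for missing or invalid credentials. The `mut` added to `req` in the previous hunk has no visible use, and the `method`/`path` locals that fed the old call (plus `request_method`) may now be dead. `permissions` starts outside the hunk.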
diff --git a/src/backend/src/router/mod.rs b/src/backend/src/router/mod.rs
index 4da99e1..7a0436b 100644
--- a/src/backend/src/router/mod.rs
+++ b/src/backend/src/router/mod.rs
@@ -25,8 +25,11 @@ macro_rules! middleware {
 (cors_auth_perms, $state:expr) => {
 (
 crate::router::middleware::cors(),
- axum::middleware::from_fn_with_state($state, crate::router::middleware::auth),
- axum::middleware::from_fn_with_state($state, crate::router::middleware::permissions),
+ axum::middleware::from_fn_with_state($state.clone(), crate::router::middleware::auth),
+ axum::middleware::from_fn_with_state(
+ $state.clone(),
+ crate::router::middleware::permissions,
+ ),
 )
 };
 }
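Review bot: `$state` is still expanded twice in the `cors_auth_perms` arm, so whatever expression the caller passes is evaluated twice, and each result is now cloned as well. Binding it once keeps the macro safe for non-trivial arguments: wrap the tuple in a block that starts with `let state = $state;`, use `state.clone()` for the `auth` layer and move `state` into the `permissions` layer. The `permissions` middleware extracts `Extension(user)`, presumably inserted by `auth`, so a one-line comment in the macro noting that `auth` must stay ahead of `permissions` would protect the ordering from a later reshuffle.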