Undo permesc start
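--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -5,10 +5,7 @@ use axum::{
 };
 use std::collections::HashMap;
 
-use crate::domain::{
-user::NewUser,
-user_prems::{InternalUserPermissions, UserActions, UserPermissions},
-};
+use crate::domain::user_prems::{UserActions, UserPermissions};
 
 #[derive(Debug, Hash, Clone, PartialEq, Eq)]
 pub struct RouteKey {
@@ -19,7 +16,7 @@ pub struct RouteKey {
 #[derive(Debug)]
 pub struct AppCfg {
 pub db_path: String,
-pub route_perms: HashMap<RouteKey, InternalUserPermissions>,
+pub route_perms: HashMap<RouteKey, UserPermissions>,
 }
 
 impl AppCfg {
@@ -36,23 +33,21 @@ impl AppCfg {
 path: impl Into<String>,
 root: bool,
 perms: Vec<UserActions>,
-esc_check: bool,
 ) {
 let key = RouteKey {
 method,
 path: path.into(),
 };
 
-let user_perms = InternalUserPermissions {
+let user_perms = UserPermissions {
 root,
 permissions: perms.into_iter().collect(), // Vec → HashSet
-esc_check,
 };
 
 self.route_perms.insert(key, user_perms);
 }
 
-pub fn get_route_perms(&self, method: &Method, path: &str) -> Option<InternalUserPermissions> {
+pub fn get_route_perms(&self, method: &Method, path: &str) -> Option<UserPermissions> {
 let key = RouteKey {
 method: method.clone(),
 path: path.to_string(),
@@ -68,7 +63,7 @@ impl AppCfg {
 
 pub async fn route_allows(
 &self,
-req: Request,
+req: &Request,
 user_perms: UserPermissions,
 ) -> Result<bool, StatusCode> {
 let method = req.method();
@@ -87,18 +82,9 @@ impl AppCfg {
 return Ok(true);
 }
 
-match req_perms
+Ok(req_perms
 .permissions
 .iter()
-.all(|action| user_perms.permissions.contains(action))
-{
-true => (),
-false => return Ok(false),
-};
-
-if req_perms.esc_check {
-} else {
-Ok(true)
-}
+.all(|action| user_perms.permissions.contains(action)))
 }
 }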
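Review bot: `route_allows` now receives the whole request (`req: &Request`, hunk @@ -68), but the hunk ends right after `let method = req.method();`, so how the path used for the `route_perms` lookup is derived is not visible; because the middleware hunk in this same commit stops extracting `MatchedPath`, it is worth confirming the lookup uses the matched route pattern rather than `req.uri().path()`, otherwise keys registered as axum path patterns never match and the not-found branch (also outside the hunk) decides whether the request is allowed. Separately, `user_perms: UserPermissions` is taken by value, which forces the caller to clone a `HashSet` on every request; `user_perms: &UserPermissions` with `&user.permissions` at the call site avoids that, and `get_route_perms` returning `Option<&UserPermissions>` would likewise avoid cloning the configured entry per lookup. The bodies of `route_allows` and `get_route_perms` continue outside the hunks.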
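--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -15,12 +15,6 @@ pub struct UserPermissions {
 pub permissions: HashSet<UserActions>,
 }
 
-#[derive(Debug, Clone, Deserialize, Serialize, Default)]
-pub struct InternalUserPermissions {
-pub root: bool,
-pub permissions: HashSet<UserActions>,
-pub esc_check: bool,
-}
 #[derive(Debug, Clone, Deserialize, Serialize, Default)]
 pub struct ExtUserPermissions {
 pub uuid: Uuid,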
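--- a/PATH_NOT_SHOWN_ON_PAGE_3
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -3,7 +3,7 @@ use std::sync::Arc;
 
 use axum::{
 Extension,
-extract::{MatchedPath, Request, State},
+extract::{Request, State},
 http::{self, Method, StatusCode, header::AUTHORIZATION},
 middleware::Next,
 response::Response,
@@ -109,7 +109,7 @@ pub fn cors() -> CorsLayer {
 pub async fn permissions(
 State(state): State<Arc<AppState>>,
 Extension(user): Extension<InternalUser>,
-req: Request,
+mut req: Request,
 next: Next,
 ) -> Result<Response, StatusCode> {
 let request_method = req.method().clone();
@@ -123,9 +123,10 @@ pub async fn permissions(
 
 match state
 .config
-.route_allows(&method, path.as_str(), user.permissions.clone())
+.route_allows(&req, user.permissions.clone())
+.await
 {
-true => Ok(next.run(req).await),
-false => Err(StatusCode::UNAUTHORIZED),
+Ok(true) => Ok(next.run(req).await),
+_ => Err(StatusCode::UNAUTHORIZED),
 }
 }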
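Review bot: In the match at the end of hunk @@ -123 the `_ =>` arm folds both `Ok(false)` and `Err(status)` from `route_allows` into `UNAUTHORIZED`, so whatever status the config layer chose to return is discarded; spelling the arms out, `Ok(false) => Err(StatusCode::UNAUTHORIZED), Err(status) => Err(status),`, keeps the denial explicit and preserves the error (for an authenticated caller that merely lacks a permission, `FORBIDDEN` is the conventional code, should the project want to distinguish the two cases). The parameter is now `mut req: Request` (hunk @@ -109), but the visible hunks only borrow `req` and then move it into `next.run`; if nothing between the hunks mutates it, the `mut` is unnecessary and triggers `unused_mut`. Both hunks are parts of `permissions`, whose body runs outside them.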
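--- a/PATH_NOT_SHOWN_ON_PAGE_4
+++ b/PATH_NOT_SHOWN_ON_PAGE_4
@@ -25,8 +25,11 @@ macro_rules! middleware {
 (cors_auth_perms, $state:expr) => {
 (
 crate::router::middleware::cors(),
-axum::middleware::from_fn_with_state($state, crate::router::middleware::auth),
-axum::middleware::from_fn_with_state($state, crate::router::middleware::permissions),
+axum::middleware::from_fn_with_state($state.clone(), crate::router::middleware::auth),
+axum::middleware::from_fn_with_state(
+$state.clone(),
+crate::router::middleware::permissions,
+),
 )
 };
 }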
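Review bot: `$state` is an `expr` fragment substituted twice in the `cors_auth_perms` arm, so after this change the caller's expression is evaluated twice and cloned twice, even though the second use could simply take ownership. Binding it once at the top of the arm (the arm body then needs double braces so the block evaluates to the tuple) evaluates the expression a single time and needs one clone; this is a pre-existing shape the commit makes slightly heavier rather than a new defect. The macro's other arms are outside the hunk.
```rust
(cors_auth_perms, $state:expr) => {{
    let state = $state;
    (
        crate::router::middleware::cors(),
        axum::middleware::from_fn_with_state(state.clone(), crate::router::middleware::auth),
        axum::middleware::from_fn_with_state(state, crate::router::middleware::permissions),
    )
}};
```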