Undo permesc start

2025-12-06 17:57:04 +01:00
parent 20a09a672a
commit 0796a3403f
4 changed files with 18 additions and 34 deletions


@@ -5,10 +5,7 @@ use axum::{
};
use std::collections::HashMap;
use crate::domain::{
user::NewUser,
user_prems::{InternalUserPermissions, UserActions, UserPermissions},
};
use crate::domain::user_prems::{UserActions, UserPermissions};
#[derive(Debug, Hash, Clone, PartialEq, Eq)]
pub struct RouteKey {
@@ -19,7 +16,7 @@ pub struct RouteKey {
#[derive(Debug)]
pub struct AppCfg {
pub db_path: String,
pub route_perms: HashMap<RouteKey, InternalUserPermissions>,
pub route_perms: HashMap<RouteKey, UserPermissions>,
}
impl AppCfg {
@@ -36,23 +33,21 @@ impl AppCfg {
path: impl Into<String>,
root: bool,
perms: Vec<UserActions>,
esc_check: bool,
) {
let key = RouteKey {
method,
path: path.into(),
};
let user_perms = InternalUserPermissions {
let user_perms = UserPermissions {
root,
permissions: perms.into_iter().collect(), // Vec → HashSet
esc_check,
};
self.route_perms.insert(key, user_perms);
}
pub fn get_route_perms(&self, method: &Method, path: &str) -> Option<InternalUserPermissions> {
pub fn get_route_perms(&self, method: &Method, path: &str) -> Option<UserPermissions> {
let key = RouteKey {
method: method.clone(),
path: path.to_string(),
@@ -68,7 +63,7 @@ impl AppCfg {
pub async fn route_allows(
&self,
req: Request,
req: &Request,
user_perms: UserPermissions,
) -> Result<bool, StatusCode> {
let method = req.method();
@@ -87,18 +82,9 @@ impl AppCfg {
return Ok(true);
}
match req_perms
Ok(req_perms
.permissions
.iter()
.all(|action| user_perms.permissions.contains(action))
{
true => (),
false => return Ok(false),
};
if req_perms.esc_check {
} else {
Ok(true)
}
.all(|action| user_perms.permissions.contains(action)))
}
}
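Review bot: The lookup behind `route_allows` is an exact match on `RouteKey { method, path }` (see `get_route_perms`), but the lines that derive the path from `req` and handle a missing entry fall outside these hunks, so the deny-on-miss behaviour cannot be checked here. If the path is now taken from the request URI rather than the matched route template, routes with path parameters would never hit their registered key; please confirm that a miss returns `Ok(false)` or an `Err` rather than allowing the request. Separately, `.all(...)` over an empty `permissions` set is true, so a route registered with `root: false` and no actions passes every user that reaches this check. If that is intended, document it on `route_allows`, e.g. `/// An empty permission set is satisfied by every user.`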


@@ -15,12 +15,6 @@ pub struct UserPermissions {
pub permissions: HashSet<UserActions>,
}
#[derive(Debug, Clone, Deserialize, Serialize, Default)]
pub struct InternalUserPermissions {
pub root: bool,
pub permissions: HashSet<UserActions>,
pub esc_check: bool,
}
#[derive(Debug, Clone, Deserialize, Serialize, Default)]
pub struct ExtUserPermissions {
pub uuid: Uuid,


@@ -3,7 +3,7 @@ use std::sync::Arc;
use axum::{
Extension,
extract::{MatchedPath, Request, State},
extract::{Request, State},
http::{self, Method, StatusCode, header::AUTHORIZATION},
middleware::Next,
response::Response,
@@ -109,7 +109,7 @@ pub fn cors() -> CorsLayer {
pub async fn permissions(
State(state): State<Arc<AppState>>,
Extension(user): Extension<InternalUser>,
req: Request,
mut req: Request,
next: Next,
) -> Result<Response, StatusCode> {
let request_method = req.method().clone();
@@ -123,9 +123,10 @@ pub async fn permissions(
match state
.config
.route_allows(&method, path.as_str(), user.permissions.clone())
.route_allows(&req, user.permissions.clone())
.await
{
true => Ok(next.run(req).await),
false => Err(StatusCode::UNAUTHORIZED),
Ok(true) => Ok(next.run(req).await),
_ => Err(StatusCode::UNAUTHORIZED),
}
}
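Review bot: The `_ =>` arm in `permissions` folds `Ok(false)` and every `Err(status)` from `route_allows` into 401, so the status chosen by the config layer is discarded and a user who is known but lacks the action is told to re-authenticate. Denying on anything other than `Ok(true)` is the right default, but I would spell the arms out: `Ok(false) => Err(StatusCode::FORBIDDEN),` and `Err(status) => Err(status),`. `mut req` does not appear to be mutated in the visible lines, and `request_method` may now be unused; the function body is only partly inside these hunks, so check before dropping either.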


@@ -25,8 +25,11 @@ macro_rules! middleware {
(cors_auth_perms, $state:expr) => {
(
crate::router::middleware::cors(),
axum::middleware::from_fn_with_state($state, crate::router::middleware::auth),
axum::middleware::from_fn_with_state($state, crate::router::middleware::permissions),
axum::middleware::from_fn_with_state($state.clone(), crate::router::middleware::auth),
axum::middleware::from_fn_with_state(
$state.clone(),
crate::router::middleware::permissions,
),
)
};
}
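Review bot: `$state` is expanded twice in the `cors_auth_perms` arm, so a caller that passes a constructor call or any expression with side effects evaluates it twice, and the second `.clone()` is one more than needed. Binding it once avoids both: wrap the tuple in a block starting with `let state = $state;`, then pass `state.clone()` to the `auth` layer and `state` to `permissions`. The macro definition starts outside the hunk, so other arms may need the same treatment.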