use std::collections::HashSet;
use self::admin::Admin;
use crate::models::{client::Client, user::User};
mod admin;
/// The action which was attempted on a resource
pub enum Action<T> {
Create(T),
Read(T),
Update(T, T),
Delete(T),
}
trait ScopeSuperSet {
fn is_superset_of(&self, other: &Self) -> bool;
}
trait Scope: ToString {
/// Parse a scope of the format: `{Scope::NAME}:{modifiers}`
fn parse_modifiers(modifiers: &str) -> Result<Self, Box<str>>
where
Self: Sized;
/// Returns `true` if and only if the given `user` is allowed to take the
/// given `action` with this scope
fn has_user_permission(&self, user: &User, action: &Action<User>) -> bool;
// Returns `true` if and only if the given `user` is allowed to take the
/// given `action` with this scope
fn has_client_permission(&self, user: &User, action: &Action<Client>) -> bool;
}
pub struct ParseScopeError {
scope: Box<str>,
error: ParseScopeErrorType,
}
impl ParseScopeError {
fn invalid_type(scope: &str, scope_type: &str) -> Self {
let scope = scope.into();
let error = ParseScopeErrorType::InvalidType(scope_type.into());
Self { scope, error }
}
}
pub enum ParseScopeErrorType {
InvalidType(Box<str>),
InvalidModifiers(Box<str>),
}
fn parse_scope(scope: &str) -> Result<Box<dyn Scope>, ParseScopeError> {
let mut split = scope.split(':');
let scope_type = split.next().unwrap();
let _modifiers: String = split.collect();
match scope_type {
"admin" => Ok(Box::new(Admin)),
_ => Err(ParseScopeError::invalid_type(scope, scope_type)),
}
}
fn parse_scopes(scopes: &str) -> Result<Vec<Box<dyn Scope>>, ParseScopeError> {
scopes
.split_whitespace()
.map(|scope| parse_scope(scope))
.collect()
}
fn parse_scopes_errors(
results: &[Result<Box<dyn Scope>, ParseScopeError>],
) -> Vec<&ParseScopeError> {
let mut errors = Vec::with_capacity(results.len());
for result in results {
if let Err(pse) = result {
errors.push(pse)
}
}
errors
}
/// Returns `true` if and only if all values in `left_scopes` are contained in
/// `right_scopes`.
pub fn is_subset_of(left_scopes: &str, right_scopes: &str) -> bool {
let right_scopes: HashSet<&str> = right_scopes.split_whitespace().collect();
for scope in left_scopes.split_whitespace() {
if !right_scopes.contains(scope) {
return false;
}
}
true
}
pub fn has_user_permission(
user: User,
action: Action<User>,
client_scopes: &str,
) -> Result<bool, ParseScopeError> {
let scopes = parse_scopes(client_scopes)?;
for scope in scopes {
if scope.has_user_permission(&user, &action) {
return Ok(true);
}
}
Ok(false)
}
pub fn has_client_permission(
user: User,
action: Action<Client>,
client_scopes: &str,
) -> Result<bool, ParseScopeError> {
let scopes = parse_scopes(client_scopes)?;
for scope in scopes {
if scope.has_client_permission(&user, &action) {
return Ok(true);
}
}
Ok(false)
}
|
