gkaklas/labadoor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

acl: Provide generic API for all storage implementations

Browse source
This commit is contained in:
George Kaklamanos 2023-09-25 20:13:31 +03:00
parent e1d1aa1ed8
commit 9fa148a939
No known key found for this signature in database
GPG key ID: C0CAB8A6BDC9399D
1 changed files with 53 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

53
labadoor-acl/src/lib.rs
View file

@ -19,3 +19,56 @@ pub struct ResourceShortcuts {
pub resource: String,
pub id: i8,
}
pub trait ACL {
/// `Option`s on delete operations mean that all associated data is removed
/// ACLEntry
fn allow_access(user: String, resource: String);
fn deny_access(user: Option<String>, resource: Option<String>);
/// AuthMethod
fn add_auth_method(user: String, method: String, identifier: String);
fn del_auth_method(user: Option<String>, method: Option<String>, identifier: Option<String>);
/// ResourceShortcuts
fn add_shortcut(user: String, resource: String, shortcut: i8);
fn del_shortcut(user: Option<String>, resource: Option<String>, shortcut: Option<i8>);
/// Queries
fn get_username(method: String, identifier: String) -> Result<String, ()>;
fn get_resource(username: String, shortcut: i8) -> Result<String, ()>;
fn is_allowed(username: String, resource: String) -> Result<(), ()>;
fn del_user(user: String) {
Self::deny_access(Some(user.clone()), None);
Self::del_auth_method(Some(user.clone()), None, None);
Self::del_shortcut(Some(user), None, None);
}
fn del_resource(resource: String) {
Self::deny_access(None, Some(resource.clone()));
Self::del_shortcut(None, Some(resource), None);
}
fn create_user(
username: String,
resource: String,
method: String,
identifier: String,
shortcut: i8,
) {
Self::allow_access(username.clone(), resource.clone());
Self::add_auth_method(username.clone(), method.clone(), identifier.clone());
Self::add_shortcut(username, resource, shortcut);
}
fn auth_user(method: String, identifier: String, shortcut: i8) {
if let Ok(username) = Self::get_username(method, identifier) {
if let Ok(resource) = Self::get_resource(username.clone(), shortcut) {
if Self::is_allowed(username, resource).is_ok() {
println!("Open Sesame!");
}
}
}
}
}