From a91fd1184488badd1e0a7b005c95c92ace241114 Mon Sep 17 00:00:00 2001 From: beckerinj Date: Mon, 21 Nov 2022 00:02:39 -0500 Subject: [PATCH] improve permissions code --- core/src/api/server.rs | 9 +++++---- core/src/ws/mod.rs | 10 ++-------- core/src/ws/update.rs | 20 ++++++++++++++++---- 3 files changed, 23 insertions(+), 16 deletions(-) diff --git a/core/src/api/server.rs b/core/src/api/server.rs index 53d5dd51c..eee1a03d1 100644 --- a/core/src/api/server.rs +++ b/core/src/api/server.rs @@ -42,10 +42,11 @@ async fn list( if user.is_admin { true } else { - match s.permissions.get(&user.id) { - Some(permissions) => *permissions != PermissionLevel::None, - None => false, - } + let permissions = *s + .permissions + .get(&user.id) + .unwrap_or(&PermissionLevel::None); + permissions != PermissionLevel::None } }) .collect(); diff --git a/core/src/ws/mod.rs b/core/src/ws/mod.rs index 52d6a7e62..9e881676b 100644 --- a/core/src/ws/mod.rs +++ b/core/src/ws/mod.rs @@ -10,12 +10,6 @@ pub fn router() -> Router { Router::new().route("/update", get(update::ws_handler)) } -fn user_permissions(user_id: &str, permissions: &PermissionsMap) -> anyhow::Result<()> { - let permission_level = *permissions - .get(user_id) - .ok_or(anyhow!("user has no permissions"))?; - match permission_level { - PermissionLevel::None => Err(anyhow!("user has None permission level")), - _ => Ok(()), - } +fn user_permissions(user_id: &str, permissions: &PermissionsMap) -> PermissionLevel { + *permissions.get(user_id).unwrap_or(&PermissionLevel::None) } diff --git a/core/src/ws/update.rs b/core/src/ws/update.rs index 307fa642f..eda6334ab 100644 --- a/core/src/ws/update.rs +++ b/core/src/ws/update.rs @@ -21,7 +21,7 @@ use tokio::{ }, }; use tokio_util::sync::CancellationToken; -use types::{EntityType, Update, User}; +use types::{EntityType, PermissionLevel, Update, User}; use crate::auth::{JwtClient, JwtExtension}; @@ -221,7 +221,11 @@ async fn user_can_see_update( .await .context(format!("failed at query to get server at {server_id}"))? .ok_or(anyhow!("did not server with id {server_id}"))?; - user_permissions(user_id, &server.permissions) + if user_permissions(user_id, &server.permissions) != PermissionLevel::None { + Ok(()) + } else { + Err(anyhow!("user does not have permissions on server")) + } } EntityType::Deployment => { let deployment_id = entity_id @@ -235,7 +239,11 @@ async fn user_can_see_update( "failed at query to get deployment at {deployment_id}" ))? .ok_or(anyhow!("did not deployment with id {deployment_id}"))?; - user_permissions(user_id, &deployment.permissions) + if user_permissions(user_id, &deployment.permissions) != PermissionLevel::None { + Ok(()) + } else { + Err(anyhow!("user does not have permissions on deployment")) + } } EntityType::Build => { let build_id = entity_id @@ -247,7 +255,11 @@ async fn user_can_see_update( .await .context(format!("failed at query to get build at {build_id}"))? .ok_or(anyhow!("did not build with id {build_id}"))?; - user_permissions(user_id, &build.permissions) + if user_permissions(user_id, &build.permissions) != PermissionLevel::None { + Ok(()) + } else { + Err(anyhow!("user does not have permissions on build")) + } } } }