auth: move Permission and ValidationResults to auth crate
committed by
nitnelave
parent
ca1c6ff645
commit
2a226963ee
@@ -171,6 +171,10 @@ version = "*"
default-features = false
features = ["sync", "tls-rustls"]
[dev-dependencies.lldap_auth]
path = "../crates/auth"
features = ["test"]
[dev-dependencies.reqwest]
version = "*"
default-features = false
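Review bot: The `features = ["test"]` on the new `[dev-dependencies.lldap_auth]` entry is undocumented, so a reader of this manifest cannot tell which test-only items it unlocks, and the auth-crate side of that feature is not part of this commit. Since the `ValidationResults::admin()` constructor removed from the infra access_control module was previously gated with `#[cfg(test)]`, it is presumably what the feature now exposes; a one-line comment above the entry would make that explicit, e.g. `# "test" unlocks test-only helpers (e.g. ValidationResults::admin()) from the auth crate`. Unlike `#[cfg(test)]`, a Cargo feature is unified across the whole build graph, so any non-dev dependency that enabled it would compile those helpers into release binaries; keeping the feature strictly under dev-dependencies, as done here, is the right shape and worth stating in the comment.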
@@ -1,13 +1,13 @@
use std::collections::HashSet;
use async_trait::async_trait;
use tracing::info;
use lldap_auth::access_control::{Permission, ValidationResults};
use lldap_domain_handlers::handler::{
BackendHandler, GroupBackendHandler, GroupListerBackendHandler, GroupRequestFilter,
ReadSchemaBackendHandler, SchemaBackendHandler, UserBackendHandler, UserListerBackendHandler,
UserRequestFilter,
};
use tracing::info;
use crate::domain::schema::PublicSchema;
use lldap_domain::{
@@ -23,62 +23,6 @@ use lldap_domain::{
};
use lldap_domain_model::error::Result;
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Permission {
Admin,
PasswordManager,
Readonly,
Regular,
}
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ValidationResults {
pub user: UserId,
pub permission: Permission,
}
impl ValidationResults {
#[cfg(test)]
pub fn admin() -> Self {
Self {
user: UserId::new("admin"),
permission: Permission::Admin,
}
}
#[must_use]
pub fn is_admin(&self) -> bool {
self.permission == Permission::Admin
}
#[must_use]
pub fn can_read_all(&self) -> bool {
self.permission == Permission::Admin
|| self.permission == Permission::Readonly
|| self.permission == Permission::PasswordManager
}
#[must_use]
pub fn can_read(&self, user: &UserId) -> bool {
self.permission == Permission::Admin
|| self.permission == Permission::PasswordManager
|| self.permission == Permission::Readonly
|| &self.user == user
}
#[must_use]
pub fn can_change_password(&self, user: &UserId, user_is_admin: bool) -> bool {
self.permission == Permission::Admin
|| (self.permission == Permission::PasswordManager && !user_is_admin)
|| &self.user == user
}
#[must_use]
pub fn can_write(&self, user: &UserId) -> bool {
self.permission == Permission::Admin || &self.user == user
}
}
#[async_trait]
pub trait UserReadableBackendHandler: ReadSchemaBackendHandler {
async fn get_user_details(&self, user_id: &UserId) -> Result<User>;
@@ -21,7 +21,9 @@ use std::{
use time::ext::NumericalDuration;
use tracing::{debug, info, instrument, warn};
use lldap_auth::{login, password_reset, registration, JWTClaims};
use lldap_auth::{
access_control::ValidationResults, login, password_reset, registration, JWTClaims,
};
use lldap_domain::types::{GroupDetails, GroupName, UserId};
use lldap_domain_handlers::handler::{
BackendHandler, BindRequest, LoginHandler, UserRequestFilter,
@@ -31,7 +33,7 @@ use lldap_domain_model::{error::DomainError, model::UserColumn};
use crate::{
domain::opaque_handler::OpaqueHandler,
infra::{
access_control::{ReadonlyBackendHandler, UserReadableBackendHandler, ValidationResults},
access_control::{ReadonlyBackendHandler, UserReadableBackendHandler},
tcp_backend_handler::*,
tcp_server::{error_to_http_response, AppState, TcpError, TcpResult},
},
@@ -1,7 +1,7 @@
use crate::infra::{
access_control::{
AccessControlledBackendHandler, AdminBackendHandler, ReadonlyBackendHandler,
UserReadableBackendHandler, UserWriteableBackendHandler, ValidationResults,
UserReadableBackendHandler, UserWriteableBackendHandler,
},
auth_service::check_if_token_is_valid,
cli::ExportGraphQLSchemaOpts,
@@ -20,7 +20,7 @@ use juniper::{
},
EmptySubscription, FieldError, RootNode, ScalarValue,
};
use lldap_domain::types::UserId;
use lldap_auth::{access_control::ValidationResults, types::UserId};
use lldap_domain_handlers::handler::BackendHandler;
use tracing::debug;
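Review bot: `UserId` is now imported from `lldap_auth::types` on the new `use lldap_auth::{access_control::ValidationResults, types::UserId};` line, while the rest of this crate in the same commit keeps taking it from `lldap_domain::types` (the `use lldap_domain::types::{GroupDetails, GroupName, UserId};` line in the auth_service hunk and the `types::{..., UserId}` import in the ldap_handler hunk). If the two paths resolve to the same type, presumably via a re-export, this is only an inconsistency, but it obscures which crate owns the type and makes a future divergence harder to spot. Prefer one canonical path across the crate, e.g. `use lldap_auth::access_control::ValidationResults;` alongside the pre-existing `use lldap_domain::types::UserId;`.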
@@ -783,15 +783,12 @@ fn deserialize_attribute(
mod tests {
use super::*;
use crate::infra::{
access_control::{Permission, ValidationResults},
graphql::query::Query,
test_utils::MockTestBackendHandler,
};
use crate::infra::{graphql::query::Query, test_utils::MockTestBackendHandler};
use juniper::{
execute, graphql_value, DefaultScalarValue, EmptySubscription, GraphQLType, InputValue,
RootNode, Variables,
};
use lldap_auth::access_control::{Permission, ValidationResults};
use lldap_domain::types::{AttributeName, AttributeType};
use mockall::predicate::eq;
use pretty_assertions::assert_eq;
@@ -786,15 +786,13 @@ impl<Handler: BackendHandler> AttributeValue<Handler> {
#[cfg(test)]
mod tests {
use super::*;
use crate::infra::{
access_control::{Permission, ValidationResults},
test_utils::{setup_default_schema, MockTestBackendHandler},
};
use crate::infra::test_utils::{setup_default_schema, MockTestBackendHandler};
use chrono::TimeZone;
use juniper::{
execute, graphql_value, DefaultScalarValue, EmptyMutation, EmptySubscription, GraphQLType,
RootNode, Variables,
};
use lldap_auth::access_control::{Permission, ValidationResults};
use lldap_domain::{
schema::{AttributeList, Schema},
types::{AttributeName, AttributeType, LdapObjectClass},
@@ -14,7 +14,7 @@ use crate::{
},
infra::access_control::{
AccessControlledBackendHandler, AdminBackendHandler, UserAndGroupListerBackendHandler,
UserReadableBackendHandler, ValidationResults,
UserReadableBackendHandler,
},
};
use anyhow::Result;
@@ -25,6 +25,7 @@ use ldap3_proto::proto::{
LdapResult as LdapResultOp, LdapResultCode, LdapSearchRequest, LdapSearchResultEntry,
LdapSearchScope, OID_PASSWORD_MODIFY, OID_WHOAMI,
};
use lldap_auth::access_control::ValidationResults;
use lldap_domain::{
requests::CreateUserRequest,
types::{Attribute, AttributeName, AttributeType, Email, Group, UserAndGroups, UserId},