use actix_web::dev::{Payload, PayloadStream};
use actix_web::error::ErrorUnauthorized;
use actix_web::{Error, FromRequest, HttpRequest};
use std::future::Future;
use std::pin::Pin;
mod attache;
mod extractors;
pub use attache::AttachPermissions;
pub use extractors::*;
/// Set of authorities granted to the caller of the current request.
///
/// Every entry is an opaque string. The checks in this file compare entries by
/// exact, case-sensitive equality, and entries that start with `ROLE_` double
/// as roles. The field is public and nothing here validates or normalizes the
/// strings, so whatever code builds or holds a value decides what is granted.
#[derive(Clone)]
pub struct AuthDetails {
    /// Granted permission strings, including any `ROLE_`-prefixed role entries.
    pub permissions: Vec<String>,
}

impl AuthDetails {
    /// Wraps an already-resolved list of permission strings.
    ///
    /// The list is stored exactly as given: no trimming, case folding or
    /// de-duplication is applied.
    pub fn new(permissions: Vec<String>) -> Self {
        Self { permissions }
    }
}
/// Permission queries against a set of granted authorities.
pub trait PermissionsCheck {
    /// Returns `true` when `permission` is among the granted authorities.
    fn has_permission(&self, permission: &str) -> bool;
    /// Returns `true` when every entry of `permissions` is granted.
    fn has_permissions(&self, permissions: Vec<&str>) -> bool;
    /// Returns `true` when at least one entry of `permissions` is granted.
    fn has_any_permission(&self, permissions: Vec<&str>) -> bool;
}

impl PermissionsCheck for AuthDetails {
    /// Exact, case-sensitive string match against the granted list.
    ///
    /// There is no wildcard, prefix or hierarchy handling: `"read"` does not
    /// satisfy a check for `"READ"`.
    fn has_permission(&self, permission: &str) -> bool {
        self.permissions
            .iter()
            .map(String::as_str)
            .any(|granted| granted == permission)
    }

    /// Requires all of `permissions` to be granted.
    ///
    /// An empty list yields `true` (nothing is missing), so a caller that
    /// builds the required list dynamically should treat "empty" as its own
    /// case if it wants deny-by-default.
    fn has_permissions(&self, permissions: Vec<&str>) -> bool {
        for required in permissions {
            if !self.has_permission(required) {
                return false;
            }
        }
        // Reached with no missing entry, which includes the empty list.
        true
    }

    /// Requires at least one of `permissions` to be granted.
    ///
    /// An empty list yields `false`.
    fn has_any_permission(&self, permissions: Vec<&str>) -> bool {
        for candidate in permissions {
            if self.has_permission(candidate) {
                return true;
            }
        }
        false
    }
}
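/// Prefix that marks an entry of the granted list as a role.
pub(crate) const ROLE_PREFIX: &str = "ROLE_";

/// Role queries against a set of granted authorities.
///
/// Arguments are bare role names; the `ROLE_` prefix is added by the check.
pub trait RolesCheck {
    /// Returns `true` when the role named `permission` is granted.
    fn has_role(&self, permission: &str) -> bool;
    /// Returns `true` when every role named in `permissions` is granted.
    fn has_roles(&self, permissions: Vec<&str>) -> bool;
    /// Returns `true` when at least one role named in `permissions` is granted.
    fn has_any_role(&self, permissions: Vec<&str>) -> bool;
}

impl RolesCheck for AuthDetails {
    /// Checks for the granted entry `ROLE_<permission>`, compared exactly and
    /// case-sensitively.
    ///
    /// Roles share the permission list, so this is the same test as
    /// `has_permission("ROLE_<permission>")`. Pass the bare name: an argument
    /// that already carries the prefix (`"ROLE_ADMIN"`) is looked up as
    /// `ROLE_ROLE_ADMIN` and will normally not match.
    fn has_role(&self, permission: &str) -> bool {
        // Strip the prefix from each granted entry instead of formatting a new
        // `String` for every check; the comparison is the same.
        self.permissions
            .iter()
            .any(|granted| granted.strip_prefix(ROLE_PREFIX) == Some(permission))
    }

    /// Requires all named roles to be granted.
    ///
    /// An empty list yields `true`, so callers that build the list dynamically
    /// should handle "no roles required" explicitly if they want
    /// deny-by-default.
    fn has_roles(&self, permissions: Vec<&str>) -> bool {
        permissions.into_iter().all(|role| self.has_role(role))
    }

    /// Requires at least one named role to be granted; an empty list yields `false`.
    fn has_any_role(&self, permissions: Vec<&str>) -> bool {
        permissions.into_iter().any(|role| self.has_role(role))
    }
}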
/// Extractor that hands a handler the `AuthDetails` attached to the request.
///
/// The value is only read from the request extensions here, never built.
/// NOTE(review): presumably the crate's middleware stores it there before
/// handlers run; confirm against the `attache` module, which is not shown.
impl FromRequest for AuthDetails {
    type Error = Error;
    type Future = Pin<Box<dyn Future<Output = Result<Self, Error>>>>;
    type Config = ();

    /// Resolves to a clone of the stored `AuthDetails`, or to an
    /// `ErrorUnauthorized` when none is present.
    ///
    /// A missing value is therefore a rejection rather than an empty grant
    /// set, so a handler that takes `AuthDetails` is denied when nothing
    /// attached one.
    fn from_request(req: &HttpRequest, _payload: &mut Payload<PayloadStream>) -> Self::Future {
        // The boxed future must own its request handle, hence the clone.
        let owned_req = req.clone();
        Box::pin(async move {
            // The extensions borrow ends with this statement, before the
            // result is built.
            let attached = owned_req.extensions().get::<AuthDetails>().cloned();
            attached.ok_or_else(|| ErrorUnauthorized("User unauthorized!"))
        })
    }
}