bc_xid/
permissions.rs

1use std::collections::HashSet;
2
3use bc_envelope::prelude::*;
4use known_values::{ALLOW, DENY};
5
6use super::Privilege;
7use crate::Result;
8
9#[derive(Debug, Clone, PartialEq, Eq)]
10pub struct Permissions {
11    allow: HashSet<Privilege>,
12    deny: HashSet<Privilege>,
13}
14
15pub trait HasPermissions {
16    fn permissions(&self) -> &Permissions;
17    fn permissions_mut(&mut self) -> &mut Permissions;
18
19    fn allow(&self) -> &HashSet<Privilege> { &self.permissions().allow }
20
21    fn deny(&self) -> &HashSet<Privilege> { &self.permissions().deny }
22
23    fn allow_mut(&mut self) -> &mut HashSet<Privilege> {
24        &mut self.permissions_mut().allow
25    }
26
27    fn deny_mut(&mut self) -> &mut HashSet<Privilege> {
28        &mut self.permissions_mut().deny
29    }
30
31    fn add_allow(&mut self, privilege: Privilege) {
32        self.allow_mut().insert(privilege);
33    }
34
35    fn add_deny(&mut self, privilege: Privilege) {
36        self.deny_mut().insert(privilege);
37    }
38
39    fn remove_allow(&mut self, privilege: &Privilege) {
40        self.allow_mut().remove(privilege);
41    }
42
43    fn remove_deny(&mut self, privilege: &Privilege) {
44        self.deny_mut().remove(privilege);
45    }
46
47    fn clear_all_permissions(&mut self) {
48        self.permissions_mut().allow.clear();
49        self.permissions_mut().deny.clear();
50    }
51}
52
53impl Permissions {
54    pub fn new() -> Self {
55        Self { allow: HashSet::new(), deny: HashSet::new() }
56    }
57
58    pub fn new_allow_all() -> Self {
59        let mut allow = HashSet::new();
60        allow.insert(Privilege::All);
61        Self { allow, deny: HashSet::new() }
62    }
63
64    pub fn add_to_envelope(&self, envelope: Envelope) -> Envelope {
65        let mut envelope = envelope;
66        envelope = self.allow.iter().fold(envelope, |envelope, privilege| {
67            envelope.add_assertion(ALLOW, privilege)
68        });
69        envelope = self.deny.iter().fold(envelope, |envelope, privilege| {
70            envelope.add_assertion(DENY, privilege)
71        });
72        envelope
73    }
74
75    pub fn try_from_envelope(envelope: &Envelope) -> Result<Self> {
76        let allow = envelope
77            .objects_for_predicate(ALLOW)
78            .iter()
79            .cloned()
80            .map(Privilege::try_from)
81            .collect::<Result<HashSet<_>>>()?;
82        let deny = envelope
83            .objects_for_predicate(DENY)
84            .iter()
85            .cloned()
86            .map(Privilege::try_from)
87            .collect::<Result<HashSet<_>>>()?;
88        Ok(Self { allow, deny })
89    }
90}
91
92impl HasPermissions for Permissions {
93    fn permissions(&self) -> &Permissions { self }
94
95    fn permissions_mut(&mut self) -> &mut Permissions { self }
96}
97
98impl Default for Permissions {
99    fn default() -> Self { Self::new() }
100}
bc_xid/permissions.rs

bc_xid/
permissions.rs
