lab-resource-manager 1.1.0

GPU and room resource management system with Google Calendar and Slack integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

use super::policy::{AuthorizationError, AuthorizationPolicy};
use crate::domain::aggregates::resource_usage::entity::ResourceUsage;
use crate::domain::common::EmailAddress;

/// ResourceUsageの認可ポリシー
///
/// 所有者(owner)のみが更新・削除できるシンプルなポリシー
#[derive(Debug, Clone, Default)]
pub struct ResourceUsageAuthorizationPolicy;

impl ResourceUsageAuthorizationPolicy {
    pub fn new() -> Self {
        Self
    }

    /// 所有者かどうかをチェック
    fn is_owner(&self, actor: &EmailAddress, resource: &ResourceUsage) -> bool {
        resource.owner_email() == actor
    }
}

impl AuthorizationPolicy<ResourceUsage> for ResourceUsageAuthorizationPolicy {
    fn authorize_update(
        &self,
        actor: &EmailAddress,
        resource: &ResourceUsage,
    ) -> Result<(), AuthorizationError> {
        if !self.is_owner(actor, resource) {
            return Err(AuthorizationError::Forbidden {
                actor: actor.clone(),
                action: "update".to_string(),
                resource: format!("ResourceUsage({})", resource.id().as_str()),
            });
        }
        Ok(())
    }

    fn authorize_delete(
        &self,
        actor: &EmailAddress,
        resource: &ResourceUsage,
    ) -> Result<(), AuthorizationError> {
        if !self.is_owner(actor, resource) {
            return Err(AuthorizationError::Forbidden {
                actor: actor.clone(),
                action: "delete".to_string(),
                resource: format!("ResourceUsage({})", resource.id().as_str()),
            });
        }
        Ok(())
    }
}