paas_server/
access_rules.rs1use crate::auth::core::AuthInfo;
2use chrono::{DateTime, Utc};
3use libpep::factors::PseudonymizationDomain;
4use serde::Deserialize;
5use serde::Serialize;
6
7#[derive(Clone, Debug, Serialize, Deserialize)]
8pub struct Permission {
9 pub usergroups: Vec<String>,
10 pub start: Option<DateTime<Utc>>,
11 pub end: Option<DateTime<Utc>>,
12 pub from: Vec<PseudonymizationDomain>,
13 pub to: Vec<PseudonymizationDomain>,
14}
15#[derive(Clone, Debug, Serialize, Deserialize)]
16pub struct AccessRules {
17 pub allow: Vec<Permission>,
18}
19impl AccessRules {
20 pub fn load(file_path: &str) -> Self {
21 let file = std::fs::read_to_string(file_path).expect("Failed to read access rules file");
22 serde_yml::from_str(&file).expect("Failed to parse access rules file")
23 }
24 fn get_currently_valid_permissions(&self) -> Vec<&Permission> {
25 self.allow
26 .iter()
27 .filter(|permission| {
28 if let Some(start) = permission.start {
29 if start > Utc::now() {
30 return false;
31 }
32 }
33 if let Some(end) = permission.end {
34 if end < Utc::now() {
35 return false;
36 }
37 }
38 true
39 })
40 .collect()
41 }
42 pub fn has_access(
43 &self,
44 authentication_info: &AuthInfo,
45 from: &PseudonymizationDomain,
46 to: &PseudonymizationDomain,
47 ) -> bool {
48 for permission in self.get_currently_valid_permissions() {
49 if permission
50 .usergroups
51 .iter()
52 .any(|group| authentication_info.groups.contains(group))
53 && permission.from.iter().any(|context| context == from)
54 && permission.to.iter().any(|context| context == to)
55 {
56 return true;
57 }
58 }
59 false
60 }
61}