use std::path::PathBuf;
use crate::error::SkillError;
use crate::types::skill::SkillPermission;
/// Policy object that decides whether a skill's declared permissions are
/// acceptable under the host's configuration.
///
/// Both fields are private, so a policy can only be set through
/// [`PermissionValidator::new`].
#[derive(Debug)]
pub struct PermissionValidator {
    /// Whether skills may be granted `SkillPermission::Network`.
    allowed_network: bool,
    /// Paths configured for file access.
    ///
    /// NOTE(review): within this file only the emptiness of this list is
    /// consulted; no requested path is compared against it here. Confirm that
    /// per-path enforcement (including path normalisation) happens where files
    /// are actually opened.
    allowed_paths: Vec<PathBuf>,
}
impl PermissionValidator {
    /// Builds a validator from the host's policy.
    ///
    /// `allowed_network` controls whether `SkillPermission::Network` is
    /// granted. `allowed_paths` is stored exactly as supplied; nothing here
    /// canonicalises or otherwise validates the entries.
    pub fn new(allowed_network: bool, allowed_paths: Vec<PathBuf>) -> Self {
        PermissionValidator {
            allowed_network,
            allowed_paths,
        }
    }

    /// Checks a single permission against the policy.
    ///
    /// Decision table:
    /// - `Network`: granted only when `allowed_network` is `true`.
    /// - `FileRead` / `FileWrite`: granted when at least one allowed path is
    ///   configured. This is a coarse capability gate; the permission value
    ///   carries no path, so no specific path is authorised here.
    /// - `Execute` and `Custom(_)`: always denied, regardless of configuration.
    ///
    /// # Errors
    ///
    /// Returns `SkillError::PermissionDenied` whose `required` list holds the
    /// one permission that was refused.
    pub fn check(&self, perm: &SkillPermission) -> Result<(), SkillError> {
        let granted = match perm {
            SkillPermission::Network => self.allowed_network,
            // NOTE(review): a non-empty list grants both read and write; confirm
            // the actual file operations are confined to `allowed_paths`
            // elsewhere.
            SkillPermission::FileRead | SkillPermission::FileWrite => {
                !self.allowed_paths.is_empty()
            }
            // Deny by default: there is no configuration switch that enables
            // these permissions.
            SkillPermission::Execute | SkillPermission::Custom(_) => false,
        };

        if granted {
            Ok(())
        } else {
            Err(SkillError::PermissionDenied {
                required: vec![perm.clone()],
            })
        }
    }

    /// Checks every permission in `perms` and reports all refusals at once.
    ///
    /// Evaluation does not stop at the first refusal, so the caller sees the
    /// complete set of denied permissions. An empty slice is accepted.
    ///
    /// # Errors
    ///
    /// Returns `SkillError::PermissionDenied` with `required` listing each
    /// refused permission in input order (duplicates are kept).
    pub fn check_all(&self, perms: &[SkillPermission]) -> Result<(), SkillError> {
        let mut refused: Vec<SkillPermission> = Vec::new();
        for candidate in perms {
            if self.check(candidate).is_err() {
                refused.push(candidate.clone());
            }
        }

        if refused.is_empty() {
            Ok(())
        } else {
            Err(SkillError::PermissionDenied { required: refused })
        }
    }
}