From 176aae037400b43cb3971cd968afe59c73b3097a Mon Sep 17 00:00:00 2001 From: benj Date: Sat, 31 Dec 2022 21:53:34 -0800 Subject: cleanup authz --- crates/secd/src/auth/z.rs | 35 ++++++++++++++++++++-------------- crates/secd/src/client/store/sql_db.rs | 4 ---- crates/secd/src/lib.rs | 3 ++- 3 files changed, 23 insertions(+), 19 deletions(-) (limited to 'crates/secd') diff --git a/crates/secd/src/auth/z.rs b/crates/secd/src/auth/z.rs index 81c3639..31f449c 100644 --- a/crates/secd/src/auth/z.rs +++ b/crates/secd/src/auth/z.rs @@ -1,12 +1,6 @@ use uuid::Uuid; -use crate::{client::spice::SpiceError, Secd}; - -#[derive(Debug, thiserror::Error, derive_more::Display)] -pub enum AuthZError { - SpiceClient(#[from] SpiceError), - Todo, -} +use crate::{Secd, SecdError}; pub type Namespace = String; pub type Object = (Namespace, Uuid); @@ -15,7 +9,7 @@ pub type Relation = String; pub struct Relationship { pub subject: Subject, pub object: Object, - pub relation: String, + pub relation: Relation, } #[derive(Clone)] @@ -25,7 +19,7 @@ pub enum Subject { } impl Secd { - pub async fn check(&self, r: &Relationship) -> Result { + pub async fn check(&self, r: &Relationship) -> Result { let spice = self .spice .clone() 
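Review bot: `check` hands `r.relation` to `check_permission` unchanged, while the `write` hunk later in this file stores every relation as `r_<relation>`, so a caller that round-trips the same `Relationship` through `write` and then `check` queries a name it never wrote. That is presumably intentional (the un-prefixed name being a schema-defined SpiceDB permission computed from the `r_` relation, per the comment on `write`), but nothing on `check` says so, and a caller who passes the relation name will get a not-found/false answer that is easy to misread as a correct denial. I would state the contract in a doc comment on `check`: `/// `r.relation` is checked as a SpiceDB permission name; relations stored via `write` are prefixed with `r_`, so pass the schema's permission, not the relation you wrote.` The body of `check` continues past the end of this hunk.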
@@ -33,22 +27,35 @@ impl Secd { Ok(spice.check_permission(r).await?) } - pub async fn expand(&self) -> Result<(), AuthZError> { + pub async fn expand(&self) -> Result<(), SecdError> { todo!() } - pub async fn read(&self) -> Result<(), AuthZError> { + pub async fn read(&self) -> Result<(), SecdError> { todo!() } - pub async fn watch(&self) -> Result<(), AuthZError> { + pub async fn watch(&self) -> Result<(), SecdError> { unimplemented!() } - pub async fn write(&self, ts: &[Relationship]) -> Result<(), AuthZError> { + pub async fn write(&self, ts: &[Relationship]) -> Result<(), SecdError> { let spice = self .spice .clone() .expect("TODO: only supports postgres right now"); - spice.write_relationship(ts).await?; + // Since spice doesn't really have a great schema pattern, we + // prefix all incoming write relationships with an r_ to indicate + // they are "relationships" rather than what spice calls permissions + spice + .write_relationship( + &ts.into_iter() + .map(|r| Relationship { + subject: r.subject.clone(), + object: r.object.clone(), + relation: format!("r_{}", r.relation), + }) + .collect::>(), + ) + .await?; Ok(()) } } diff --git a/crates/secd/src/client/store/sql_db.rs b/crates/secd/src/client/store/sql_db.rs index 6d84301..ecb13be 100644 --- a/crates/secd/src/client/store/sql_db.rs +++ b/crates/secd/src/client/store/sql_db.rs @@ -430,10 +430,6 @@ where session_token_hash: &Option>, ) -> Result, StoreError> { let sqls = get_sqls(&self.sqls_root, FIND_IDENTITY); - println!("{:?}", id); - println!("{:?}", address_value); - println!("{:?}", address_is_validated); - println!("{:?}", session_token_hash); let rs = sqlx::query_as::< _, ( diff --git a/crates/secd/src/lib.rs b/crates/secd/src/lib.rs index 15a92a8..15615b2 100644 --- a/crates/secd/src/lib.rs +++ b/crates/secd/src/lib.rs 
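Review bot: `.expect("TODO: only supports postgres right now")` still panics inside `write` when `self.spice` is unset, even though the function now returns `SecdError`, which already carries an `AuthorizationNotSupported(String)` variant (see the lib.rs hunk below). Assuming `self.spice` is an `Option`, as the `.expect` suggests, `let spice = self.spice.clone().ok_or_else(|| SecdError::AuthorizationNotSupported("spice client not configured".into()))?;` turns a crash in an authorization entry point into an error the caller can handle. In the new mapping, `ts.into_iter()` on a `&[Relationship]` is just `ts.iter()` (clippy `into_iter_on_ref`), and the `r_` prefix is applied unconditionally, so a relation that already carries it is stored as `r_r_…`; since `Relation` is a bare `String` alias nothing upstream prevents that, so either reject such input or say in the comment that callers must pass the un-prefixed name.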
@@ -4,7 +4,7 @@ mod util;
 use client::{
     email::{EmailMessenger, EmailMessengerError, LocalMailer},
-    spice::Spice,
+    spice::{Spice, SpiceError},
     store::{
         sql_db::{PgClient, SqliteClient},
         Store, StoreError,
@@ -64,6 +64,7 @@ pub enum SecdError {
     FailedToDecodeInput(#[from] hex::FromHexError),
     AuthorizationNotSupported(String),
+    SpiceClient(#[from] SpiceError),
     Todo,
 }
-- cgit v1.2.3