1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
use crate::CONF;
use anyhow::anyhow;
use jellycommon::{
user::{PermissionSet, UserPermission},
Node,
};
pub trait PermissionSetExt {
fn check_explicit(&self, perm: &UserPermission) -> Option<bool>;
fn check(&self, perm: &UserPermission) -> bool {
self.check_explicit(perm).unwrap_or(perm.default_value())
}
fn assert(&self, perm: &UserPermission) -> Result<(), anyhow::Error>;
}
impl PermissionSetExt for PermissionSet {
fn check_explicit(&self, perm: &UserPermission) -> Option<bool> {
self.0
.get(&perm)
.or(CONF.default_permission_set.0.get(&perm))
.map(|v| *v)
}
fn assert(&self, perm: &UserPermission) -> Result<(), anyhow::Error> {
if self.check(perm) {
Ok(())
} else {
Err(anyhow!(
"sorry, you need special permission {perm:?} for this action."
))
}
}
}
pub trait NodePermissionExt {
fn only_if_permitted(self, perms: &PermissionSet) -> Self;
}
impl NodePermissionExt for Option<Node> {
fn only_if_permitted(self, perms: &PermissionSet) -> Self {
self.and_then(|node| {
if check_node_permission(perms, &node) {
Some(node)
} else {
None
}
})
}
}
fn check_node_permission(perms: &PermissionSet, node: &Node) -> bool {
if let Some(v) =
perms.check_explicit(&UserPermission::AccessNode(node.public.id.clone().unwrap()))
{
v
} else {
for com in node.public.path.clone().into_iter().rev() {
if let Some(v) = perms.check_explicit(&UserPermission::AccessNode(com.to_owned())) {
return v;
}
}
return true;
}
}
|
