91 lines
2.9 KiB
Rust
91 lines
2.9 KiB
Rust
use rocket::serde::json::Json;
|
|
use rocket::State;
|
|
|
|
use crate::database::controller::members::check_access_to_resource;
|
|
use crate::database::controller::permissions::{get_role_permission_context, get_role_permission_id};
|
|
use crate::database::controller::roles::get_roles_for_member;
|
|
use crate::helper::session_cookies::model::SessionCookie;
|
|
use crate::helper::settings::Settings;
|
|
use crate::helper::translate_diesel_error::translate_diesel;
|
|
use crate::modules::api::member_management::controller::parser::{parse_member_cookie, parse_uuid_string};
|
|
use crate::modules::api::model::api_outcome::ApiErrorWrapper;
|
|
|
|
/// Check if caller has permission
|
|
///
|
|
/// # Api Call
|
|
/// * GET
|
|
/// * /api/info/caller/permissions?permission=<permission_string : String>&entity_id=<entity_id: Option<String>>
|
|
///
|
|
/// # Api Result
|
|
/// * Result bool / ApiErrorWrapper
|
|
///
|
|
/// # Required permissions
|
|
/// * None
|
|
#[get("/api/info/caller/permissions?<permission>&<entity_id>", format = "json")]
|
|
pub fn check_caller_has_permission(
|
|
settings: &State<Settings>,
|
|
cookie: SessionCookie,
|
|
permission: String,
|
|
entity_id: Option<String>,
|
|
) -> Result<Json<bool>, Json<ApiErrorWrapper>> {
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
|
|
match entity_id{
|
|
Some(entity_id) => {
|
|
let entity_id = parse_uuid_string(entity_id)?;
|
|
Ok(Json(check_access_to_resource(settings, caller.entity_id, entity_id, &permission)))
|
|
},
|
|
None => {
|
|
Ok(Json(caller.has_permission(permission)))
|
|
}
|
|
}
|
|
}
|
|
|
|
/// Get context entries caller has permissions for
|
|
///
|
|
/// # Api Call
|
|
/// * GET
|
|
/// * /api/info/caller/permission_context?permission=<permission_string : String>
|
|
///
|
|
/// # Api Result
|
|
/// * Result JSON<Vec<uuid::Uuid>> / ApiErrorWrapper
|
|
///
|
|
/// # Required permissions
|
|
/// * None
|
|
#[get("/api/info/caller/permission_context?<permission>", format = "json")]
|
|
pub fn get_caller_permission_context(
|
|
settings: &State<Settings>,
|
|
cookie: SessionCookie,
|
|
permission: String,
|
|
) -> Result<Json<Vec<uuid::Uuid>>, Json<ApiErrorWrapper>> {
|
|
let caller = parse_member_cookie(cookie.member)?;
|
|
|
|
let roles = match get_roles_for_member(settings, caller.entity_id){
|
|
Ok(roles) => roles,
|
|
Err(e) => return Err(translate_diesel(e))
|
|
};
|
|
|
|
let mut res : Vec<uuid::Uuid> = vec![];
|
|
|
|
for role in roles{
|
|
let rpi = get_role_permission_id(settings, &permission, &role);
|
|
match rpi{
|
|
Ok(rpi) => match rpi{
|
|
Some(rpi) => {
|
|
match get_role_permission_context(settings, rpi){
|
|
Ok(context) => {
|
|
res.append(&mut context.clone())
|
|
},
|
|
Err(e) => return Err(translate_diesel(e))
|
|
}},
|
|
None => {},
|
|
},
|
|
Err(e) => {
|
|
return Err(translate_diesel(e))
|
|
}
|
|
}
|
|
}
|
|
|
|
Ok(Json(res))
|
|
}
|