Skip to content

Commit

Permalink
refactor: [torrust#448] authorization service implemented
Browse files Browse the repository at this point in the history
  • Loading branch information
@mario-nt
mario-nt committed Apr 9, 2024
1 parent a07e85b commit 66e6686
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 55 deletions.
5 changes: 2 additions & 3 deletions src/app.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,11 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
let image_cache_service: Arc<ImageCacheService> = Arc::new(ImageCacheService::new(configuration.clone()).await);
let category_service = Arc::new(category::Service::new(
category_repository.clone(),
user_repository.clone(),
authorization_service.clone(),
));
let tag_service = Arc::new(tag::Service::new(tag_repository.clone(), user_repository.clone()));
let tag_service = Arc::new(tag::Service::new(tag_repository.clone(), authorization_service.clone()));
let proxy_service = Arc::new(proxy::Service::new(image_cache_service.clone(), user_repository.clone()));
let settings_service = Arc::new(settings::Service::new(configuration.clone(), user_repository.clone()));
let settings_service = Arc::new(settings::Service::new(configuration.clone(), authorization_service.clone()));
let torrent_index = Arc::new(torrent::Index::new(
configuration.clone(),
tracker_statistics_importer.clone(),
Expand Down
11 changes: 10 additions & 1 deletion src/services/authorization.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ use crate::models::user::{UserCompact, UserId};
pub enum ACTION {
AddCategory,
DeleteCategory,
GetSettings,
GetSettingsSecret,
AddTag,
DeleteTag,
}

pub struct Service {
Expand All @@ -28,7 +32,12 @@ impl Service {
/// - The user is not authorized to perform the action.
pub async fn authorize(&self, action: ACTION, maybe_user_id: Option<UserId>) -> Result<(), ServiceError> {
match action {
ACTION::AddCategory | ACTION::DeleteCategory => match maybe_user_id {
ACTION::AddCategory
| ACTION::DeleteCategory
| ACTION::GetSettings
| ACTION::GetSettingsSecret
| ACTION::AddTag
| ACTION::DeleteTag => match maybe_user_id {
Some(user_id) => {
let user = self.get_user(user_id).await?;

Expand Down
19 changes: 4 additions & 15 deletions src/services/category.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,24 +6,17 @@ use crate::databases::database::{Category, Database, Error as DatabaseError};
use crate::errors::ServiceError;
use crate::models::category::CategoryId;
use crate::models::user::UserId;
use crate::services::user::Repository;

pub struct Service {
category_repository: Arc<DbCategoryRepository>,
user_repository: Arc<Box<dyn Repository>>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(
category_repository: Arc<DbCategoryRepository>,
user_repository: Arc<Box<dyn Repository>>,
authorization_service: Arc<authorization::Service>,
) -> Service {
pub fn new(category_repository: Arc<DbCategoryRepository>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
category_repository,
user_repository,
authorization_service,
}
}
Expand Down Expand Up @@ -73,13 +66,9 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn delete_category(&self, category_name: &str, user_id: &UserId) -> Result<(), ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::DeleteCategory, Some(*user_id))
.await?;

match self.category_repository.delete(category_name).await {
Ok(()) => Ok(()),
Expand Down
28 changes: 10 additions & 18 deletions src/services/settings.rs
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,22 @@
//! Settings service.
use std::sync::Arc;

use super::authorization::{self, ACTION};
use crate::config::{Configuration, ConfigurationPublic, TorrustIndex};
use crate::errors::ServiceError;
use crate::models::user::UserId;
use crate::services::user::Repository;

pub struct Service {
configuration: Arc<Configuration>,
user_repository: Arc<Box<dyn Repository>>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(configuration: Arc<Configuration>, user_repository: Arc<Box<dyn Repository>>) -> Service {
pub fn new(configuration: Arc<Configuration>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
configuration,
user_repository,
authorization_service,
}
}

Expand All @@ -26,13 +26,9 @@ impl Service {
///
/// It returns an error if the user does not have the required permissions.
pub async fn get_all(&self, user_id: &UserId) -> Result<TorrustIndex, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::GetSettings, Some(*user_id))
.await?;

let torrust_index_configuration = self.configuration.get_all().await;

Expand All @@ -45,13 +41,9 @@ impl Service {
///
/// It returns an error if the user does not have the required permissions.
pub async fn get_all_masking_secrets(&self, user_id: &UserId) -> Result<TorrustIndex, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::GetSettingsSecret, Some(*user_id))
.await?;

let mut torrust_index_configuration = self.configuration.get_all().await;

Expand Down
26 changes: 8 additions & 18 deletions src/services/tag.rs
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
//! Tag service.
use std::sync::Arc;

use super::authorization::{self, ACTION};
use crate::databases::database::{Database, Error as DatabaseError, Error};
use crate::errors::ServiceError;
use crate::models::torrent_tag::{TagId, TorrentTag};
use crate::models::user::UserId;
use crate::services::user::Repository;

pub struct Service {
tag_repository: Arc<DbTagRepository>,
user_repository: Arc<Box<dyn Repository>>,
authorization_service: Arc<authorization::Service>,
}

impl Service {
#[must_use]
pub fn new(tag_repository: Arc<DbTagRepository>, user_repository: Arc<Box<dyn Repository>>) -> Service {
pub fn new(tag_repository: Arc<DbTagRepository>, authorization_service: Arc<authorization::Service>) -> Service {
Service {
tag_repository,
user_repository,
authorization_service,
}
}

Expand All @@ -30,13 +30,7 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn add_tag(&self, tag_name: &str, user_id: &UserId) -> Result<TagId, ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service.authorize(ACTION::AddTag, Some(*user_id)).await?;

let trimmed_name = tag_name.trim();

Expand All @@ -62,13 +56,9 @@ impl Service {
/// * The user does not have the required permissions.
/// * There is a database error.
pub async fn delete_tag(&self, tag_id: &TagId, user_id: &UserId) -> Result<(), ServiceError> {
let user = self.user_repository.get_compact(user_id).await?;

// Check if user is administrator
// todo: extract authorization service
if !user.administrator {
return Err(ServiceError::Unauthorized);
}
self.authorization_service
.authorize(ACTION::DeleteTag, Some(*user_id))
.await?;

match self.tag_repository.delete(tag_id).await {
Ok(()) => Ok(()),
Expand Down

0 comments on commit 66e6686

Please sign in to comment.