surrealpatch/lib/src/doc/allow.rs

54 lines
1.3 KiB
Rust
Raw Normal View History

use crate::ctx::Context;
use crate::dbs::Options;
use crate::dbs::Statement;
use crate::doc::Document;
use crate::err::Error;
2022-04-05 20:41:49 +00:00
use crate::sql::permission::Permission;
2021-03-29 15:43:37 +00:00
impl<'a> Document<'a> {
pub async fn allow(
&self,
ctx: &Context<'_>,
2022-04-05 20:41:49 +00:00
opt: &Options,
stm: &Statement<'_>,
) -> Result<(), Error> {
// Check if this record exists
if self.id.is_some() {
// Should we run permissions checks?
if opt.perms && opt.auth.perms() {
// Clone transaction
2023-06-21 18:31:15 +00:00
let txn = ctx.try_clone_transaction()?;
// Get the table
let tb = self.tb(opt, &txn).await?;
// Get the permission clause
let perms = if stm.is_delete() {
&tb.permissions.delete
} else if stm.is_select() {
&tb.permissions.select
} else if self.is_new() {
&tb.permissions.create
} else {
&tb.permissions.update
};
// Process the table permissions
match perms {
Permission::None => return Err(Error::Ignore),
Permission::Full => return Ok(()),
Permission::Specific(e) => {
// Disable permissions
let opt = &opt.new_with_perms(false);
let mut ctx = Context::new(ctx);
ctx.add_cursor_doc(&self.current);
// Process the PERMISSION clause
if !e.compute(&ctx, opt).await?.is_truthy() {
return Err(Error::Ignore);
}
2022-04-05 20:41:49 +00:00
}
}
}
}
// Carry on
Ok(())
}
}