From 34ba79428cd39d25e053fa98aa860a631c785467 Mon Sep 17 00:00:00 2001
From: Tobie Morgan Hitchcock
Date: Sun, 26 Jun 2022 14:28:55 +0100
Subject: [PATCH] Ensure correct permissions are used on each query
---
 lib/src/dbs/statement.rs | 5 +++++
 lib/src/doc/allow.rs | 6 +++---
 lib/src/doc/document.rs | 4 ++++
 lib/src/doc/event.rs | 8 ++++----
 lib/src/doc/field.rs | 8 ++++----
 5 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/lib/src/dbs/statement.rs b/lib/src/dbs/statement.rs
index dd863141..59e347ad 100644
--- a/lib/src/dbs/statement.rs
+++ b/lib/src/dbs/statement.rs
@@ -82,6 +82,11 @@ impl<'a> Statement<'a> {
 pub fn is_select(&self) -> bool {
 matches!(self, Statement::Select(_))
 }
+ // Check the type of statement
+ #[inline]
+ pub fn is_delete(&self) -> bool {
+ matches!(self, Statement::Delete(_))
+ }
 // Returns any query fields if specified
 #[inline]
 pub fn expr(&self) -> Option<&Fields> {
diff --git a/lib/src/doc/allow.rs b/lib/src/doc/allow.rs
index fa3320d0..264a4f31 100644
--- a/lib/src/doc/allow.rs
+++ b/lib/src/doc/allow.rs
@@ -19,12 +19,12 @@ impl<'a> Document<'a> {
 // Get the table
 let tb = self.tb(opt, txn).await?;
 // Get the permission clause
- let perms = if self.initial.is_none() {
- &tb.permissions.create
- } else if self.current.is_none() {
+ let perms = if stm.is_delete() {
 &tb.permissions.delete
 } else if stm.is_select() {
 &tb.permissions.select
+ } else if self.is_new() {
+ &tb.permissions.create
 } else {
 &tb.permissions.update
 };
diff --git a/lib/src/doc/document.rs b/lib/src/doc/document.rs
index 9d2da777..852ae0a7 100644
--- a/lib/src/doc/document.rs
+++ b/lib/src/doc/document.rs
@@ -39,6 +39,10 @@ impl<'a> Document<'a> {
 pub fn changed(&self) -> bool {
 self.initial != self.current
 }
+ // Check if document has changed
+ pub fn is_new(&self) -> bool {
+ self.initial.is_none()
+ }
 // Get the table for this document
 pub async fn tb(
 &self,
diff --git a/lib/src/doc/event.rs b/lib/src/doc/event.rs
index 6c5286fc..a981da69 100644
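Review bot: In the lib/src/doc/allow.rs hunk nothing explains why the statement type now takes precedence over the document state when the permission clause is chosen, and the patch adds no test for this authorization decision (the diffstat lists only the five source files). A comment above the chain such as `// DELETE and SELECT are decided by the statement; document state only separates create from update` would record the intent. The same delete/create/update chain is repeated in the event.rs and field.rs hunks, so the three copies have to be kept in step by hand whenever one of them changes. A regression test that runs a DELETE with the table's `delete` clause denied and its `update` clause allowed would pin the behaviour the subject line claims. The enclosing function starts and ends outside the hunk.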
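Review bot: The comment added above `is_new` in the lib/src/doc/document.rs hunk reads `// Check if document has changed`, which describes `changed()` just above it rather than the new method. Since `is_new()` now feeds the create-versus-update permission choice in allow.rs and field.rs, the comment should say what it tests, for example `// Check if document is being created (it has no initial value)`.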
--- a/lib/src/doc/event.rs
+++ b/lib/src/doc/event.rs
@@ -13,7 +13,7 @@ impl<'a> Document<'a> {
 ctx: &Context<'_>,
 opt: &Options,
 txn: &Transaction,
- _stm: &Statement<'_>,
+ stm: &Statement<'_>,
 ) -> Result<(), Error> {
 // Check events
 if !opt.events {
@@ -26,10 +26,10 @@ impl<'a> Document<'a> {
 // Loop through all event statements
 for ev in self.ev(opt, txn).await?.iter() {
 // Get the event action
- let met = if self.initial.is_none() {
- Value::from("CREATE")
- } else if self.current.is_none() {
+ let met = if stm.is_delete() {
 Value::from("DELETE")
+ } else if self.is_new() {
+ Value::from("CREATE")
 } else {
 Value::from("UPDATE")
 };
diff --git a/lib/src/doc/field.rs b/lib/src/doc/field.rs
index f8455377..c3da8ea0 100644
--- a/lib/src/doc/field.rs
+++ b/lib/src/doc/field.rs
@@ -13,7 +13,7 @@ impl<'a> Document<'a> {
 ctx: &Context<'_>,
 opt: &Options,
 txn: &Transaction,
- _stm: &Statement<'_>,
+ stm: &Statement<'_>,
 ) -> Result<(), Error> {
 // Loop through all field statements
 for fd in self.fd(opt, txn).await?.iter() {
@@ -56,10 +56,10 @@ impl<'a> Document<'a> {
 // Check for a PERMISSIONS clause
 if opt.perms && opt.auth.perms() {
 // Get the permission clause
- let perms = if self.initial.is_none() {
- &fd.permissions.create
- } else if self.current.is_none() {
+ let perms = if stm.is_delete() {
 &fd.permissions.delete
+ } else if self.is_new() {
+ &fd.permissions.create
 } else {
 &fd.permissions.update
 };
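Review bot: The permission chain in the second lib/src/doc/field.rs hunk has no `stm.is_select()` arm, unlike the table-level chain in allow.rs, so a SELECT that reached this code on an existing record would be judged by the field's `update` clause. Whether field() can run for a SELECT is not visible here; if it cannot, a comment such as `// SELECT never reaches this point, so only delete/create/update are considered` (to be confirmed against the callers) would make the omission deliberate. If it can, the chain needs an `} else if stm.is_select() {` arm that picks the field's select clause, assuming the field permissions carry one. The enclosing loop and function continue outside the hunk.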