Ensure correct permissions are used on each query
This commit is contained in:
parent
ccdce709f2
commit
34ba79428c
5 changed files with 20 additions and 11 deletions
|
@ -82,6 +82,11 @@ impl<'a> Statement<'a> {
|
||||||
pub fn is_select(&self) -> bool {
|
pub fn is_select(&self) -> bool {
|
||||||
matches!(self, Statement::Select(_))
|
matches!(self, Statement::Select(_))
|
||||||
}
|
}
|
||||||
|
// Check the type of statement
|
||||||
|
#[inline]
|
||||||
|
pub fn is_delete(&self) -> bool {
|
||||||
|
matches!(self, Statement::Delete(_))
|
||||||
|
}
|
||||||
// Returns any query fields if specified
|
// Returns any query fields if specified
|
||||||
#[inline]
|
#[inline]
|
||||||
pub fn expr(&self) -> Option<&Fields> {
|
pub fn expr(&self) -> Option<&Fields> {
|
||||||
|
|
|
@ -19,12 +19,12 @@ impl<'a> Document<'a> {
|
||||||
// Get the table
|
// Get the table
|
||||||
let tb = self.tb(opt, txn).await?;
|
let tb = self.tb(opt, txn).await?;
|
||||||
// Get the permission clause
|
// Get the permission clause
|
||||||
let perms = if self.initial.is_none() {
|
let perms = if stm.is_delete() {
|
||||||
&tb.permissions.create
|
|
||||||
} else if self.current.is_none() {
|
|
||||||
&tb.permissions.delete
|
&tb.permissions.delete
|
||||||
} else if stm.is_select() {
|
} else if stm.is_select() {
|
||||||
&tb.permissions.select
|
&tb.permissions.select
|
||||||
|
} else if self.is_new() {
|
||||||
|
&tb.permissions.create
|
||||||
} else {
|
} else {
|
||||||
&tb.permissions.update
|
&tb.permissions.update
|
||||||
};
|
};
|
||||||
|
|
|
@ -39,6 +39,10 @@ impl<'a> Document<'a> {
|
||||||
pub fn changed(&self) -> bool {
|
pub fn changed(&self) -> bool {
|
||||||
self.initial != self.current
|
self.initial != self.current
|
||||||
}
|
}
|
||||||
|
// Check if document has changed
|
||||||
|
pub fn is_new(&self) -> bool {
|
||||||
|
self.initial.is_none()
|
||||||
|
}
|
||||||
// Get the table for this document
|
// Get the table for this document
|
||||||
pub async fn tb(
|
pub async fn tb(
|
||||||
&self,
|
&self,
|
||||||
|
|
|
@ -13,7 +13,7 @@ impl<'a> Document<'a> {
|
||||||
ctx: &Context<'_>,
|
ctx: &Context<'_>,
|
||||||
opt: &Options,
|
opt: &Options,
|
||||||
txn: &Transaction,
|
txn: &Transaction,
|
||||||
_stm: &Statement<'_>,
|
stm: &Statement<'_>,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
// Check events
|
// Check events
|
||||||
if !opt.events {
|
if !opt.events {
|
||||||
|
@ -26,10 +26,10 @@ impl<'a> Document<'a> {
|
||||||
// Loop through all event statements
|
// Loop through all event statements
|
||||||
for ev in self.ev(opt, txn).await?.iter() {
|
for ev in self.ev(opt, txn).await?.iter() {
|
||||||
// Get the event action
|
// Get the event action
|
||||||
let met = if self.initial.is_none() {
|
let met = if stm.is_delete() {
|
||||||
Value::from("CREATE")
|
|
||||||
} else if self.current.is_none() {
|
|
||||||
Value::from("DELETE")
|
Value::from("DELETE")
|
||||||
|
} else if self.is_new() {
|
||||||
|
Value::from("CREATE")
|
||||||
} else {
|
} else {
|
||||||
Value::from("UPDATE")
|
Value::from("UPDATE")
|
||||||
};
|
};
|
||||||
|
|
|
@ -13,7 +13,7 @@ impl<'a> Document<'a> {
|
||||||
ctx: &Context<'_>,
|
ctx: &Context<'_>,
|
||||||
opt: &Options,
|
opt: &Options,
|
||||||
txn: &Transaction,
|
txn: &Transaction,
|
||||||
_stm: &Statement<'_>,
|
stm: &Statement<'_>,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
// Loop through all field statements
|
// Loop through all field statements
|
||||||
for fd in self.fd(opt, txn).await?.iter() {
|
for fd in self.fd(opt, txn).await?.iter() {
|
||||||
|
@ -56,10 +56,10 @@ impl<'a> Document<'a> {
|
||||||
// Check for a PERMISSIONS clause
|
// Check for a PERMISSIONS clause
|
||||||
if opt.perms && opt.auth.perms() {
|
if opt.perms && opt.auth.perms() {
|
||||||
// Get the permission clause
|
// Get the permission clause
|
||||||
let perms = if self.initial.is_none() {
|
let perms = if stm.is_delete() {
|
||||||
&fd.permissions.create
|
|
||||||
} else if self.current.is_none() {
|
|
||||||
&fd.permissions.delete
|
&fd.permissions.delete
|
||||||
|
} else if self.is_new() {
|
||||||
|
&fd.permissions.create
|
||||||
} else {
|
} else {
|
||||||
&fd.permissions.update
|
&fd.permissions.update
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue