Ensure correct permissions are used on each query

Tobie Morgan Hitchcock 2022-06-26 14:28:55 +01:00
parent ccdce709f2
commit 34ba79428c
5 changed files with 20 additions and 11 deletions


@ -82,6 +82,11 @@ impl<'a> Statement<'a> {
pub fn is_select(&self) -> bool { pub fn is_select(&self) -> bool {
matches!(self, Statement::Select(_)) matches!(self, Statement::Select(_))
} }
// Check the type of statement
#[inline]
pub fn is_delete(&self) -> bool {
matches!(self, Statement::Delete(_))
}
// Returns any query fields if specified // Returns any query fields if specified
#[inline] #[inline]
pub fn expr(&self) -> Option<&Fields> { pub fn expr(&self) -> Option<&Fields> {


@ -19,12 +19,12 @@ impl<'a> Document<'a> {
// Get the table // Get the table
let tb = self.tb(opt, txn).await?; let tb = self.tb(opt, txn).await?;
// Get the permission clause // Get the permission clause
let perms = if self.initial.is_none() { let perms = if stm.is_delete() {
&tb.permissions.create
} else if self.current.is_none() {
&tb.permissions.delete &tb.permissions.delete
} else if stm.is_select() { } else if stm.is_select() {
&tb.permissions.select &tb.permissions.select
} else if self.is_new() {
&tb.permissions.create
} else { } else {
&tb.permissions.update &tb.permissions.update
}; };
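Review bot: The permission ladder still ends in a catch-all `else` that picks `&tb.permissions.update`, so any statement that is neither DELETE nor SELECT and whose document is not new is authorised against the update clause. Now that the choice is driven by the statement type, a `match` on `stm` with one explicit arm per variant would force a decision whenever a statement kind is added, rather than letting it inherit update permissions; the variants of `Statement` are not visible in this hunk, so the arms have to be written against the enum. At minimum the fallthrough deserves a comment such as `// Every other statement on an existing record is checked against the update clause`. The same ladder is repeated for the event action and for the field permissions later in this commit, and a single shared helper would keep the three from drifting apart.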


@ -39,6 +39,10 @@ impl<'a> Document<'a> {
pub fn changed(&self) -> bool { pub fn changed(&self) -> bool {
self.initial != self.current self.initial != self.current
} }
// Check if document has changed
pub fn is_new(&self) -> bool {
self.initial.is_none()
}
// Get the table for this document // Get the table for this document
pub async fn tb( pub async fn tb(
&self, &self,
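Review bot: The comment above `is_new` was copied from `changed` and reads `// Check if document has changed`, but the method returns `self.initial.is_none()`. This method now decides between the create and update clauses in the permission checks changed by this commit, so the comment should state what it tests, for example `// Check if document is being created (it has no initial value)`. The enclosing `impl` continues outside the hunk.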


@ -13,7 +13,7 @@ impl<'a> Document<'a> {
ctx: &Context<'_>, ctx: &Context<'_>,
opt: &Options, opt: &Options,
txn: &Transaction, txn: &Transaction,
_stm: &Statement<'_>, stm: &Statement<'_>,
) -> Result<(), Error> { ) -> Result<(), Error> {
// Check events // Check events
if !opt.events { if !opt.events {
@ -26,10 +26,10 @@ impl<'a> Document<'a> {
// Loop through all event statements // Loop through all event statements
for ev in self.ev(opt, txn).await?.iter() { for ev in self.ev(opt, txn).await?.iter() {
// Get the event action // Get the event action
let met = if self.initial.is_none() { let met = if stm.is_delete() {
Value::from("CREATE")
} else if self.current.is_none() {
Value::from("DELETE") Value::from("DELETE")
} else if self.is_new() {
Value::from("CREATE")
} else { } else {
Value::from("UPDATE") Value::from("UPDATE")
}; };


@ -13,7 +13,7 @@ impl<'a> Document<'a> {
ctx: &Context<'_>, ctx: &Context<'_>,
opt: &Options, opt: &Options,
txn: &Transaction, txn: &Transaction,
_stm: &Statement<'_>, stm: &Statement<'_>,
) -> Result<(), Error> { ) -> Result<(), Error> {
// Loop through all field statements // Loop through all field statements
for fd in self.fd(opt, txn).await?.iter() { for fd in self.fd(opt, txn).await?.iter() {
@ -56,10 +56,10 @@ impl<'a> Document<'a> {
// Check for a PERMISSIONS clause // Check for a PERMISSIONS clause
if opt.perms && opt.auth.perms() { if opt.perms && opt.auth.perms() {
// Get the permission clause // Get the permission clause
let perms = if self.initial.is_none() { let perms = if stm.is_delete() {
&fd.permissions.create
} else if self.current.is_none() {
&fd.permissions.delete &fd.permissions.delete
} else if self.is_new() {
&fd.permissions.create
} else { } else {
&fd.permissions.update &fd.permissions.update
}; };
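Review bot: This ladder has no `stm.is_select()` arm, unlike the table-level permission check changed in the same commit, so a SELECT reaching this point on an existing document would be checked against `&fd.permissions.update`. Whether this function is ever called for a SELECT is not visible in the hunk. If it is not, say so next to the ladder, e.g. `// Not reached for SELECT statements, so only delete, create and update apply`; otherwise the select case needs its own arm. The function body starts and ends outside the hunk.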