Implement PERMISSIONS clauses
parent
200741a35e
commit
5df1040dd8
5 changed files with 43 additions and 8 deletions
|
@ -86,6 +86,11 @@ impl fmt::Display for Statement {
|
|||
}
|
||||
|
||||
impl Statement {
|
||||
// Check the type of statement
|
||||
#[inline]
|
||||
pub fn is_select(&self) -> bool {
|
||||
matches!(self, Statement::Select(_))
|
||||
}
|
||||
// Returns any query fields if specified
|
||||
#[inline]
|
||||
pub fn expr(&self) -> Option<&Fields> {
|
||||
|
|
|
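Review bot: The new public method `is_select` is introduced with a plain `// Check the type of statement` comment, which rustdoc will not pick up and which does not say what is being checked. Since `allow` uses this method to choose between the select and update permissions, a doc comment such as `/// Returns true if this statement is a SELECT statement` would make the contract explicit. The `impl Statement` block continues outside this hunk.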
@ -4,15 +4,45 @@ use crate::dbs::Statement;
|
|||
use crate::dbs::Transaction;
|
||||
use crate::doc::Document;
|
||||
use crate::err::Error;
|
||||
use crate::sql::permission::Permission;
|
||||
|
||||
impl<'a> Document<'a> {
|
||||
pub async fn allow(
|
||||
&self,
|
||||
_ctx: &Runtime,
|
||||
_opt: &Options,
|
||||
_txn: &Transaction,
|
||||
_stm: &Statement,
|
||||
ctx: &Runtime,
|
||||
opt: &Options,
|
||||
txn: &Transaction,
|
||||
stm: &Statement,
|
||||
) -> Result<(), Error> {
|
||||
// Check permission clause
|
||||
if opt.perms && opt.auth.perms() && self.id.is_some() {
|
||||
// Get the table
|
||||
let tb = self.tb(ctx, opt, txn).await?;
|
||||
// Get the permission
|
||||
let perms = if self.initial.is_none() {
|
||||
&tb.permissions.create
|
||||
} else if self.current.is_none() {
|
||||
&tb.permissions.delete
|
||||
} else if stm.is_select() {
|
||||
&tb.permissions.select
|
||||
} else {
|
||||
&tb.permissions.update
|
||||
};
|
||||
// Match the permission
|
||||
match perms {
|
||||
Permission::None => return Err(Error::Ignore),
|
||||
Permission::Full => return Ok(()),
|
||||
Permission::Specific(e) => {
|
||||
// Ensure permissions are disabled
|
||||
let opt = &opt.perms(false);
|
||||
// Process the PERMISSION clause
|
||||
if !e.compute(ctx, opt, txn, Some(&self.current)).await?.is_truthy() {
|
||||
return Err(Error::Ignore);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Carry on
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
|
|
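Review bot: In `allow`, the delete permission is selected because `self.current.is_none()`, yet the `Permission::Specific(e)` arm then evaluates the clause with `Some(&self.current)`, so a delete clause is computed against a value that is already none and cannot see the record's fields. Depending on how the expression treats missing fields, this either rejects every delete or, for a negated condition, accepts every delete. Evaluating against the pre-change value in that branch would avoid it, e.g. `let doc = if self.current.is_none() { &self.initial } else { &self.current };` followed by `e.compute(ctx, opt, txn, Some(doc))`; this assumes `initial` and `current` share a type, which the hunk does not show. Separately, the whole check is skipped when `self.id` is none, so a comment naming the cases in which a document has no id would let a reader confirm that this path cannot bypass a table's PERMISSIONS clause.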
@ -18,10 +18,10 @@ impl<'a> Document<'a> {
|
|||
self.admit(ctx, opt, txn, stm).await?;
|
||||
// Check where clause
|
||||
self.check(ctx, opt, txn, stm).await?;
|
||||
// Check if allowed
|
||||
self.allow(ctx, opt, txn, stm).await?;
|
||||
// Erase document
|
||||
self.erase(ctx, opt, txn, stm).await?;
|
||||
// Check if allowed
|
||||
self.allow(ctx, opt, txn, stm).await?;
|
||||
// Purge index data
|
||||
self.index(ctx, opt, txn, stm).await?;
|
||||
// Purge record data
|
||||
|
|
|
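Review bot: The position of `self.allow(ctx, opt, txn, stm)` relative to `self.erase(ctx, opt, txn, stm)` decides which permission is enforced for a delete, because `allow` recognises a delete only by `self.current.is_none()`. This page prints the call both before and after the erase step and the +/- markers are lost, so the new order cannot be confirmed here. If the call runs before the erase, and assuming the erase is what empties `current`, a delete would fall through to `tb.permissions.update`. If it runs after, the authorization decision is taken on an already-mutated document. Either way the dependency should be stated at the call site, for example `// Must run after erase(): allow() detects a delete by current being none`, or removed by passing the operation explicitly, for instance through an `is_delete()` helper next to `is_select()`.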
@ -38,7 +38,7 @@ impl<'a> Document<'a> {
|
|||
// Get the table for this document
|
||||
pub async fn tb(
|
||||
&self,
|
||||
ctx: &Runtime,
|
||||
_ctx: &Runtime,
|
||||
opt: &Options,
|
||||
txn: &Transaction,
|
||||
) -> Result<DefineTableStatement, Error> {
|
||||
|
|
|
@ -153,7 +153,7 @@ pub enum Error {
|
|||
},
|
||||
|
||||
#[error("You don't have permission to run the `{query}` query on the `{table}` table")]
|
||||
TablePermissionsError {
|
||||
TablePermissions {
|
||||
query: String,
|
||||
table: String,
|
||||
},
|
||||
|
|