From 5df1040dd8ed17a2ca11135fac71b24e929ddcbc Mon Sep 17 00:00:00 2001 From: Tobie Morgan Hitchcock Date: Tue, 5 Apr 2022 21:41:49 +0100 Subject: [PATCH] Implement PERMISSIONS clauses --- lib/src/dbs/statement.rs | 5 +++++ lib/src/doc/allow.rs | 38 ++++++++++++++++++++++++++++++++++---- lib/src/doc/delete.rs | 4 ++-- lib/src/doc/document.rs | 2 +- lib/src/err/mod.rs | 2 +- 5 files changed, 43 insertions(+), 8 deletions(-) diff --git a/lib/src/dbs/statement.rs b/lib/src/dbs/statement.rs index 9e17e288..f8954c9e 100644 --- a/lib/src/dbs/statement.rs +++ b/lib/src/dbs/statement.rs @@ -86,6 +86,11 @@ impl fmt::Display for Statement { } impl Statement { + // Check the type of statement + #[inline] + pub fn is_select(&self) -> bool { + matches!(self, Statement::Select(_)) + } // Returns any query fields if specified #[inline] pub fn expr(&self) -> Option<&Fields> { diff --git a/lib/src/doc/allow.rs b/lib/src/doc/allow.rs index 2179bc95..1dcdbc8b 100644 --- a/lib/src/doc/allow.rs +++ b/lib/src/doc/allow.rs @@ -4,15 +4,45 @@ use crate::dbs::Statement; use crate::dbs::Transaction; use crate::doc::Document; use crate::err::Error; +use crate::sql::permission::Permission; impl<'a> Document<'a> { pub async fn allow( &self, - _ctx: &Runtime, - _opt: &Options, - _txn: &Transaction, - _stm: &Statement, + ctx: &Runtime, + opt: &Options, + txn: &Transaction, + stm: &Statement, ) -> Result<(), Error> { + // Check permission clause + if opt.perms && opt.auth.perms() && self.id.is_some() { + // Get the table + let tb = self.tb(ctx, opt, txn).await?; + // Get the permission + let perms = if self.initial.is_none() { + &tb.permissions.create + } else if self.current.is_none() { + &tb.permissions.delete + } else if stm.is_select() { + &tb.permissions.select + } else { + &tb.permissions.update + }; + // Match the permission + match perms { + Permission::None => return Err(Error::Ignore), + Permission::Full => return Ok(()), + Permission::Specific(e) => { + // Ensure permissions are disabled + let opt = &opt.perms(false); + // Process the PERMISSION clause + if !e.compute(ctx, opt, txn, Some(&self.current)).await?.is_truthy() { + return Err(Error::Ignore); + } + } + } + } + // Carry on Ok(()) } } diff --git a/lib/src/doc/delete.rs b/lib/src/doc/delete.rs index aa9ad245..7f28347e 100644 --- a/lib/src/doc/delete.rs +++ b/lib/src/doc/delete.rs @@ -18,10 +18,10 @@ impl<'a> Document<'a> { self.admit(ctx, opt, txn, stm).await?; // Check where clause self.check(ctx, opt, txn, stm).await?; - // Check if allowed - self.allow(ctx, opt, txn, stm).await?; // Erase document self.erase(ctx, opt, txn, stm).await?; + // Check if allowed + self.allow(ctx, opt, txn, stm).await?; // Purge index data self.index(ctx, opt, txn, stm).await?; // Purge record data diff --git a/lib/src/doc/document.rs b/lib/src/doc/document.rs index 835a1255..dc1835e1 100644 --- a/lib/src/doc/document.rs +++ b/lib/src/doc/document.rs @@ -38,7 +38,7 @@ impl<'a> Document<'a> { // Get the table for this document pub async fn tb( &self, - ctx: &Runtime, + _ctx: &Runtime, opt: &Options, txn: &Transaction, ) -> Result { diff --git a/lib/src/err/mod.rs b/lib/src/err/mod.rs index eb67e5c6..d247f1ae 100644 --- a/lib/src/err/mod.rs +++ b/lib/src/err/mod.rs @@ -153,7 +153,7 @@ pub enum Error { }, #[error("You don't have permission to run the `{query}` query on the `{table}` table")] - TablePermissionsError { + TablePermissions { query: String, table: String, },