update to follow rhailib
This commit is contained in:
Timur Gordon
@@ -1,3 +1,6 @@
|
||||
use std::sync::Arc;
|
||||
|
||||
use crate::db::{hero::OurDB, Collection, Db};
|
||||
use heromodels_core::BaseModelData;
|
||||
use heromodels_derive::model;
|
||||
// Temporarily removed to fix compilation issues
|
||||
@@ -7,14 +10,19 @@ use serde::{Deserialize, Serialize};
|
||||
|
||||
/// Represents an event in a contact
|
||||
#[model]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, CustomType)]
|
||||
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, CustomType, Default)]
|
||||
pub struct Access {
|
||||
/// Base model data
|
||||
pub base_data: BaseModelData,
|
||||
#[index]
|
||||
pub object_type: String,
|
||||
#[index]
|
||||
pub object_id: u32,
|
||||
pub circle_id: u32,
|
||||
#[index]
|
||||
pub circle_pk: String,
|
||||
#[index]
|
||||
pub contact_id: u32,
|
||||
#[index]
|
||||
pub group_id: u32,
|
||||
pub expires_at: Option<u64>,
|
||||
}
|
||||
@@ -24,13 +32,19 @@ impl Access {
|
||||
Access {
|
||||
base_data: BaseModelData::new(),
|
||||
object_id: 0,
|
||||
circle_id: 0,
|
||||
object_type: String::new(),
|
||||
circle_pk: String::new(),
|
||||
contact_id: 0,
|
||||
group_id: 0,
|
||||
expires_at: None,
|
||||
}
|
||||
}
|
||||
|
||||
pub fn object_type(mut self, object_type: String) -> Self {
|
||||
self.object_type = object_type;
|
||||
self
|
||||
}
|
||||
|
||||
pub fn object_id(mut self, object_id: u32) -> Self {
|
||||
self.object_id = object_id;
|
||||
self
|
||||
@@ -46,8 +60,8 @@ impl Access {
|
||||
self
|
||||
}
|
||||
|
||||
pub fn circle_id(mut self, circle_id: u32) -> Self {
|
||||
self.circle_id = circle_id;
|
||||
pub fn circle_pk(mut self, circle_pk: String) -> Self {
|
||||
self.circle_pk = circle_pk;
|
||||
self
|
||||
}
|
||||
|
||||
@@ -56,3 +70,46 @@ impl Access {
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/// Checks if a caller has permission to access a specific resource.
|
||||
/// Access is granted if the caller is a super admin or if an `Access` record exists
|
||||
/// granting them `can_access = true` for the given resource type and ID.
|
||||
///
|
||||
/// # Arguments
|
||||
/// * `db`: An `Arc<OurDB>` for database interaction.
|
||||
/// * `public_key`: The public key of the caller.
|
||||
/// * `_resource_id_to_check`: The ID of the resource being accessed (now unused).
|
||||
/// * `_resource_type_to_check`: The type of the resource (e.g., "Collection", "Image") (now unused).
|
||||
///
|
||||
/// # Errors
|
||||
/// Returns `Err(EvalAltResult::ErrorRuntime)` if there's a database error during the check.
|
||||
pub fn can_access_resource(
|
||||
db: Arc<OurDB>,
|
||||
public_key: &str,
|
||||
_resource_id_to_check: u32,
|
||||
_resource_type_to_check: &str,
|
||||
) -> bool {
|
||||
// Query for Access records matching the public key.
|
||||
// Note: This fetches all access records for the user. For performance with many records,
|
||||
// consider a more specific query if your DB supports it, or caching.
|
||||
let access_records = match db
|
||||
.collection::<Access>()
|
||||
.expect("Failed to get Access collection")
|
||||
.get::<access_index::circle_pk, _>(public_key)
|
||||
{
|
||||
Ok(records) => records,
|
||||
Err(_e) => {
|
||||
// Optionally log the error for debugging purposes.
|
||||
// For example: log::warn!("Error fetching access records for public key {}: {:?}", public_key, e);
|
||||
// If database query fails, assume access is not granted.
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
if !access_records.is_empty() {
|
||||
return true;
|
||||
}
|
||||
|
||||
false // Default to deny if no grant is found
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user