chk
/
AppFlowy-Cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable casbin (#313) 

* chore: disable casin test

* chore: disable casin test
This commit is contained in:
Nathan.fooo 2024-02-09 15:07:39 +08:00 committed by GitHub
parent e999999694
commit 263fdbafdc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 64 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
src/biz/casbin/access_control.rs
View File

@ -2,9 +2,9 @@ use std::ops::Deref;
use std::{str::FromStr, sync::Arc};
use actix_web::http::Method;
use anyhow::anyhow;
use async_trait::async_trait;
use casbin::{CoreApi, MgmtApi};
use casbin::MgmtApi;
use sqlx::{Executor, PgPool, Postgres};
use tokio::sync::{broadcast, RwLock};
use tracing::log::warn;
@ -27,7 +27,7 @@ use crate::biz::casbin::enforcer_ext::{enforcer_remove, enforcer_update};
use realtime::collaborate::CollabAccessControl;
use super::{
Action, ActionType, ObjectType, POLICY_FIELD_INDEX_ACTION, POLICY_FIELD_INDEX_OBJECT,
ActionType, ObjectType, POLICY_FIELD_INDEX_ACTION, POLICY_FIELD_INDEX_OBJECT,
POLICY_FIELD_INDEX_USER,
};
@ -273,69 +273,72 @@ impl CollabAccessControl for CasbinCollabAccessControl {
async fn can_access_http_method(
&self,
uid: &i64,
oid: &str,
method: &Method,
_uid: &i64,
_oid: &str,
_method: &Method,
) -> Result<bool, AppError> {
let action = if Method::POST == method || Method::PUT == method || Method::DELETE == method {
Action::Write
} else {
Action::Read
};
// If collab does not exist, allow access.
// Workspace access control will still check it.
let collab_exists = self
.casbin_access_control
.enforcer
.read()
.await
.get_all_objects()
.contains(&ObjectType::Collab(oid).to_string());
if !collab_exists {
return Ok(true);
}
self
.casbin_access_control
.enforcer
.read()
.await
.enforce((
uid.to_string(),
ObjectType::Collab(oid).to_string(),
action.to_string(),
))
.map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
Ok(true)
// let action = if Method::POST == method || Method::PUT == method || Method::DELETE == method {
// Action::Write
// } else {
// Action::Read
// };
//
// // If collab does not exist, allow access.
// // Workspace access control will still check it.
// let collab_exists = self
// .casbin_access_control
// .enforcer
// .read()
// .await
// .get_all_objects()
// .contains(&ObjectType::Collab(oid).to_string());
//
// if !collab_exists {
// return Ok(true);
// }
//
// self
// .casbin_access_control
// .enforcer
// .read()
// .await
// .enforce((
// uid.to_string(),
// ObjectType::Collab(oid).to_string(),
// action.to_string(),
// ))
// .map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
}
async fn can_send_collab_update(&self, uid: &i64, oid: &str) -> Result<bool, AppError> {
self
.casbin_access_control
.enforcer
.read()
.await
.enforce((
uid.to_string(),
ObjectType::Collab(oid).to_string(),
Action::Write.to_string(),
))
.map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
async fn can_send_collab_update(&self, _uid: &i64, _oid: &str) -> Result<bool, AppError> {
Ok(true)
// self
// .casbin_access_control
// .enforcer
// .read()
// .await
// .enforce((
// uid.to_string(),
// ObjectType::Collab(oid).to_string(),
// Action::Write.to_string(),
// ))
// .map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
}
async fn can_receive_collab_update(&self, uid: &i64, oid: &str) -> Result<bool, AppError> {
self
.casbin_access_control
.enforcer
.read()
.await
.enforce((
uid.to_string(),
ObjectType::Collab(oid).to_string(),
Action::Read.to_string(),
))
.map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
async fn can_receive_collab_update(&self, _uid: &i64, _oid: &str) -> Result<bool, AppError> {
Ok(true)
// self
// .casbin_access_control
// .enforcer
// .read()
// .await
// .enforce((
// uid.to_string(),
// ObjectType::Collab(oid).to_string(),
// Action::Read.to_string(),
// ))
// .map_err(|e| AppError::Internal(anyhow!("casbin error enforce: {e:?}")))
}
}