chore: disable all casin func (#338)

* chore: disable all casin func * chore: rename
2024-02-21 14:02:37 +08:00 · 2024-02-21 14:02:37 +08:00 · 3ab768fb14
parent df258c6ed3
commit 3ab768fb14
4 changed files with 40 additions and 20 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -180,7 +180,7 @@ collab-document = { git = "https://github.com/AppFlowy-IO/AppFlowy-Collab", rev
 [features]
 custom_env= []
 # This feature will be removed once the cpu spike issue is resolved
-disable_collab_ac = []
+disable_access_control = []

 # Comment the above and uncomment the below to use local version of collab by cloning the repo and placing it in libs folder
 #collab = { path = "libs/AppFlowy-Collab/collab" }
--- a/2
+++ b/2
@ -16,7 +16,7 @@ COPY . .
 ENV SQLX_OFFLINE true

 # Build the project
-RUN cargo build --profile=profiling --features="disable_collab_ac" --bin appflowy_cloud
+RUN cargo build --profile=profiling --features="disable_access_control" --bin appflowy_cloud


 FROM debian:bookworm-slim AS runtime
--- a/src/biz/casbin/access_control.rs
+++ b/src/biz/casbin/access_control.rs
@ -86,37 +86,57 @@ impl AccessControl {
    obj: &ObjectType<'_>,
    act: &ActionType,
  ) -> Result<bool, AppError> {
-    self.enforcer.update(uid, obj, act).await
+    if cfg!(feature = "disable_access_control") {
+      Ok(true)
+    } else {
+      self.enforcer.update(uid, obj, act).await
+    }
  }

  pub async fn remove(&self, uid: &i64, obj: &ObjectType<'_>) -> Result<(), AppError> {
-    self.enforcer.remove(uid, obj).await?;
-    Ok(())
+    if cfg!(feature = "disable_access_control") {
+      Ok(())
+    } else {
+      self.enforcer.remove(uid, obj).await?;
+      Ok(())
+    }
  }

  pub async fn enforce<A>(&self, uid: &i64, obj: &ObjectType<'_>, act: A) -> Result<bool, AppError>
  where
    A: ToCasbinAction,
  {
-    self.enforcer.enforce(uid, obj, act).await
+    if cfg!(feature = "disable_access_control") {
+      Ok(true)
+    } else {
+      self.enforcer.enforce(uid, obj, act).await
+    }
  }

  pub async fn get_access_level(&self, uid: &i64, oid: &str) -> Option<AFAccessLevel> {
-    let collab_id = ObjectType::Collab(oid);
-    self
-      .enforcer
-      .get_action(uid, &collab_id)
-      .await
-      .map(|value| AFAccessLevel::from_action(&value))
+    if cfg!(feature = "disable_access_control") {
+      Some(AFAccessLevel::FullAccess)
+    } else {
+      let collab_id = ObjectType::Collab(oid);
+      self
+        .enforcer
+        .get_action(uid, &collab_id)
+        .await
+        .map(|value| AFAccessLevel::from_action(&value))
+    }
  }

  pub async fn get_role(&self, uid: &i64, workspace_id: &str) -> Option<AFRole> {
-    let workspace_id = ObjectType::Workspace(workspace_id);
-    self
-      .enforcer
-      .get_action(uid, &workspace_id)
-      .await
-      .map(|value| AFRole::from_action(&value))
+    if cfg!(feature = "disable_access_control") {
+      Some(AFRole::Owner)
+    } else {
+      let workspace_id = ObjectType::Workspace(workspace_id);
+      self
+        .enforcer
+        .get_action(uid, &workspace_id)
+        .await
+        .map(|value| AFRole::from_action(&value))
+    }
  }
 }

--- a/src/biz/casbin/collab_ac.rs
+++ b/src/biz/casbin/collab_ac.rs
@ -81,7 +81,7 @@ impl CollabAccessControl for CollabAccessControlImpl {
  }

  async fn can_send_collab_update(&self, uid: &i64, oid: &str) -> Result<bool, AppError> {
-    if cfg!(feature = "disable_collab_ac") {
+    if cfg!(feature = "disable_access_control") {
      Ok(true)
    } else {
      self
@ -92,7 +92,7 @@ impl CollabAccessControl for CollabAccessControlImpl {
  }

  async fn can_receive_collab_update(&self, uid: &i64, oid: &str) -> Result<bool, AppError> {
-    if cfg!(feature = "disable_collab_ac") {
+    if cfg!(feature = "disable_access_control") {
      Ok(true)
    } else {
      self