diff --git a/Cargo.toml b/Cargo.toml index d298353f..0abde9e8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -180,7 +180,7 @@ collab-document = { git = "https://github.com/AppFlowy-IO/AppFlowy-Collab", rev [features] custom_env= [] # This feature will be removed once the cpu spike issue is resolved -disable_collab_ac = [] +disable_access_control = [] # Comment the above and uncomment the below to use local version of collab by cloning the repo and placing it in libs folder #collab = { path = "libs/AppFlowy-Collab/collab" } diff --git a/Dockerfile b/Dockerfile index 6ee581f5..e9bd534e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ COPY . . ENV SQLX_OFFLINE true # Build the project -RUN cargo build --profile=profiling --features="disable_collab_ac" --bin appflowy_cloud +RUN cargo build --profile=profiling --features="disable_access_control" --bin appflowy_cloud FROM debian:bookworm-slim AS runtime diff --git a/src/biz/casbin/access_control.rs b/src/biz/casbin/access_control.rs index ccafabf4..f978720d 100644 --- a/src/biz/casbin/access_control.rs +++ b/src/biz/casbin/access_control.rs @@ -86,37 +86,57 @@ impl AccessControl { obj: &ObjectType<'_>, act: &ActionType, ) -> Result { - self.enforcer.update(uid, obj, act).await + if cfg!(feature = "disable_access_control") { + Ok(true) + } else { + self.enforcer.update(uid, obj, act).await + } } pub async fn remove(&self, uid: &i64, obj: &ObjectType<'_>) -> Result<(), AppError> { - self.enforcer.remove(uid, obj).await?; - Ok(()) + if cfg!(feature = "disable_access_control") { + Ok(()) + } else { + self.enforcer.remove(uid, obj).await?; + Ok(()) + } } pub async fn enforce(&self, uid: &i64, obj: &ObjectType<'_>, act: A) -> Result where A: ToCasbinAction, { - self.enforcer.enforce(uid, obj, act).await + if cfg!(feature = "disable_access_control") { + Ok(true) + } else { + self.enforcer.enforce(uid, obj, act).await + } } pub async fn get_access_level(&self, uid: &i64, oid: &str) -> Option { - let collab_id = ObjectType::Collab(oid); - self - .enforcer - .get_action(uid, &collab_id) - .await - .map(|value| AFAccessLevel::from_action(&value)) + if cfg!(feature = "disable_access_control") { + Some(AFAccessLevel::FullAccess) + } else { + let collab_id = ObjectType::Collab(oid); + self + .enforcer + .get_action(uid, &collab_id) + .await + .map(|value| AFAccessLevel::from_action(&value)) + } } pub async fn get_role(&self, uid: &i64, workspace_id: &str) -> Option { - let workspace_id = ObjectType::Workspace(workspace_id); - self - .enforcer - .get_action(uid, &workspace_id) - .await - .map(|value| AFRole::from_action(&value)) + if cfg!(feature = "disable_access_control") { + Some(AFRole::Owner) + } else { + let workspace_id = ObjectType::Workspace(workspace_id); + self + .enforcer + .get_action(uid, &workspace_id) + .await + .map(|value| AFRole::from_action(&value)) + } } } diff --git a/src/biz/casbin/collab_ac.rs b/src/biz/casbin/collab_ac.rs index cf703e4b..b97a2eca 100644 --- a/src/biz/casbin/collab_ac.rs +++ b/src/biz/casbin/collab_ac.rs @@ -81,7 +81,7 @@ impl CollabAccessControl for CollabAccessControlImpl { } async fn can_send_collab_update(&self, uid: &i64, oid: &str) -> Result { - if cfg!(feature = "disable_collab_ac") { + if cfg!(feature = "disable_access_control") { Ok(true) } else { self @@ -92,7 +92,7 @@ impl CollabAccessControl for CollabAccessControlImpl { } async fn can_receive_collab_update(&self, uid: &i64, oid: &str) -> Result { - if cfg!(feature = "disable_collab_ac") { + if cfg!(feature = "disable_access_control") { Ok(true) } else { self