chore: cargo clippy

Zack Fu Zi Xiang 2024-02-09 12:22:25 +08:00
parent 0665a456d2
commit 8b271eedd5
No known key found for this signature in database
GPG Key ID: 39DE600AFEEED522
4 changed files with 81 additions and 61 deletions


@ -36,6 +36,7 @@ where
} }
#[instrument(level = "debug", skip_all, err)] #[instrument(level = "debug", skip_all, err)]
#[allow(clippy::blocks_in_conditions)]
async fn check_collab_permission( async fn check_collab_permission(
&self, &self,
oid: &str, oid: &str,
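Review bot: The three new `#[allow(clippy::blocks_in_conditions)]` attributes (here on `check_collab_permission`, and on `upsert_collab_with_transaction` and `check_workspace_permission` in the later sections) carry no explanation, and they sit on functions that make authorization decisions. Presumably the lint fires on the `#[instrument(..., err)]` expansion rather than on hand-written code, since the commit also rewrites the visible block-in-condition sites. If so, say that next to each attribute, e.g. `// clippy::blocks_in_conditions fires on the #[instrument(err)] expansion; remove once the lint no longer triggers`. Without the comment the allow will outlive its reason and can mask real hits in these bodies. The function body continues outside the hunk.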


@ -73,6 +73,60 @@ where
opened_collab_by_object_id: Arc::new(RwLock::new(HashMap::new())), opened_collab_by_object_id: Arc::new(RwLock::new(HashMap::new())),
} }
} }
async fn check_collab_permission(
&self,
workspace_id: &str,
uid: &i64,
params: &CollabParams,
transaction: &mut Transaction<'_, sqlx::Postgres>,
) -> Result<(), AppError> {
// Check if the user has enough permissions to insert collab
// 1. If the collab already exists, check if the user has enough permissions to update collab
// 2. If the collab doesn't exist, check if the user has enough permissions to create collab.
let collab_exists = is_collab_exists(&params.object_id, transaction.deref_mut()).await?;
if collab_exists {
// If the collab already exists, check if the user has enough permissions to update collab
let can_write = self
.access_control
.get_or_refresh_collab_access_level(uid, &params.object_id, transaction.deref_mut())
.await
.context(format!(
"Can't find the access level when user:{} try to insert collab",
uid
))?
.can_write();
if !can_write {
return Err(AppError::NotEnoughPermissions(format!(
"user:{} doesn't have enough permissions to update collab {}",
uid, params.object_id
)));
}
} else {
// If the collab doesn't exist, check if the user has enough permissions to create collab.
// If the user is the owner or member of the workspace, the user can create collab.
let can_write_workspace = self
.access_control
.get_user_workspace_role(uid, workspace_id, transaction.deref_mut())
.await?
.can_create_collab();
if !can_write_workspace {
return Err(AppError::NotEnoughPermissions(format!(
"user:{} doesn't have enough permissions to insert collab {}",
uid, params.object_id
)));
}
// Cache the access level if the user has enough permissions to create collab.
self
.access_control
.cache_collab_access_level(uid, &params.object_id, AFAccessLevel::FullAccess)
.await?;
}
Ok(())
}
} }
#[async_trait] #[async_trait]
@ -124,6 +178,7 @@ where
} }
#[instrument(level = "trace", skip(self, params), oid = %params.oid, err)] #[instrument(level = "trace", skip(self, params), oid = %params.oid, err)]
#[allow(clippy::blocks_in_conditions)]
async fn upsert_collab_with_transaction( async fn upsert_collab_with_transaction(
&self, &self,
workspace_id: &str, workspace_id: &str,
@ -132,46 +187,9 @@ where
transaction: &mut Transaction<'_, sqlx::Postgres>, transaction: &mut Transaction<'_, sqlx::Postgres>,
) -> DatabaseResult<()> { ) -> DatabaseResult<()> {
params.validate()?; params.validate()?;
self
// Check if the user has enough permissions to insert collab .check_collab_permission(workspace_id, uid, &params, transaction)
// 1. If the collab already exists, check if the user has enough permissions to update collab .await?;
// 2. If the collab doesn't exist, check if the user has enough permissions to create collab.
let has_permission = if is_collab_exists(&params.object_id, transaction.deref_mut()).await? {
// If the collab already exists, check if the user has enough permissions to update collab
let level = self
.access_control
.get_or_refresh_collab_access_level(uid, &params.object_id, transaction.deref_mut())
.await
.context(format!(
"Can't find the access level when user:{} try to insert collab",
uid
))?;
level.can_write()
} else {
// If the collab doesn't exist, check if the user has enough permissions to create collab.
// If the user is the owner or member of the workspace, the user can create collab.
let can_write_workspace = self
.access_control
.get_user_workspace_role(uid, workspace_id, transaction.deref_mut())
.await?
.can_create_collab();
// Cache the access level if the user has enough permissions to create collab.
if can_write_workspace {
self
.access_control
.cache_collab_access_level(uid, &params.object_id, AFAccessLevel::FullAccess)
.await?;
}
can_write_workspace
};
if !has_permission {
return Err(AppError::NotEnoughPermissions(format!(
"user:{} doesn't have enough permissions to insert collab {}",
uid, params.object_id
)));
}
let object_id = params.object_id.clone(); let object_id = params.object_id.clone();
let encoded_collab = params.encoded_collab_v1.clone(); let encoded_collab = params.encoded_collab_v1.clone();
self self
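Review bot: In the new `check_collab_permission` helper, the create branch calls `cache_collab_access_level(uid, &params.object_id, AFAccessLevel::FullAccess)` before the collab row has been written, and the cache call does not take the `transaction`. If the insert that follows in `upsert_collab_with_transaction` fails or the transaction is rolled back, the cached FullAccess entry presumably survives. Because `get_or_refresh_collab_access_level` is what authorizes updates in the other branch, a stale entry could later let this uid write to an object id that someone else creates. Consider moving the cache write to after the insert has succeeded (or evicting it on the error path); how the cache is consulted is not visible here, so confirm against the access-control implementation. The caller's body continues outside the hunk.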


@ -201,6 +201,7 @@ where
} }
#[instrument(level = "trace", skip_all, err)] #[instrument(level = "trace", skip_all, err)]
#[allow(clippy::blocks_in_conditions)]
async fn check_workspace_permission( async fn check_workspace_permission(
&self, &self,
workspace_id: &Uuid, workspace_id: &Uuid,
@ -208,29 +209,28 @@ where
method: Method, method: Method,
) -> Result<(), AppError> { ) -> Result<(), AppError> {
trace!("workspace_id: {:?}, uid: {:?}", workspace_id, uid); trace!("workspace_id: {:?}, uid: {:?}", workspace_id, uid);
match self let role = self
.access_control .access_control
.get_role_from_uid(uid, workspace_id, &self.pg_pool) .get_role_from_uid(uid, workspace_id, &self.pg_pool)
.await .await
{ .map_err(|err| {
Ok(role) => { AppError::NotEnoughPermissions(format!(
if method == Method::DELETE || method == Method::POST || method == Method::PUT { "Can't find the role of the user:{:?} in the workspace:{:?}. error: {}",
if matches!(role, AFRole::Owner) { uid, workspace_id, err
Ok(()) ))
} else { })?;
Err(AppError::NotEnoughPermissions(format!(
"User:{:?} doesn't have the enough permission to access workspace:{}", match method {
uid, workspace_id Method::DELETE | Method::POST | Method::PUT => match role {
))) AFRole::Owner => return Ok(()),
} _ => {
} else { return Err(AppError::NotEnoughPermissions(format!(
Ok(()) "User:{:?} doesn't have the enough permission to access workspace:{}",
} uid, workspace_id
)))
},
}, },
Err(err) => Err(AppError::NotEnoughPermissions(format!( _ => Ok(()),
"Can't find the role of the user:{:?} in the workspace:{:?}. error: {}",
uid, workspace_id, err
))),
} }
} }
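Review bot: The method check in `check_workspace_permission` is a deny-list: only `DELETE`, `POST` and `PUT` require `AFRole::Owner`, and the final `_ => Ok(())` arm lets every other method through for any role, including `PATCH`. If any workspace route accepts `PATCH` (not visible here), a non-owner can mutate through it. Either add it to the guarded arm, `Method::DELETE | Method::POST | Method::PUT | Method::PATCH => match role {`, or invert the match so only read-only methods fall through. Separately, the `map_err` closure reports a failed role lookup as `NotEnoughPermissions` and embeds `err` in the message, so database error text may reach the client; confirm how `AppError` is rendered.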


@ -175,12 +175,13 @@ where
forward_ready!(service); forward_ready!(service);
fn call(&self, mut req: ServiceRequest) -> Self::Future { fn call(&self, mut req: ServiceRequest) -> Self::Future {
match req.match_pattern().map(|pattern| { let path = req.match_pattern().map(|pattern| {
let resource_ref = ResourceDef::new(pattern); let resource_ref = ResourceDef::new(pattern);
let mut path = req.match_info().clone(); let mut path = req.match_info().clone();
resource_ref.capture_match_info(&mut path); resource_ref.capture_match_info(&mut path);
path path
}) { });
match path {
None => { None => {
let fut = self.service.call(req); let fut = self.service.call(req);
Box::pin(fut) Box::pin(fut)