nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-13 21:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Some preparations for supporting principal memberships

Browse Source
This commit is contained in:
Lennart
2025-02-02 11:34:10 +01:00
parent 93d16f02d9
commit 031d94c9d1
18 changed files with 54 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/caldav/src/calendar/methods/mkcalendar.rs
View File

@@ -57,7 +57,7 @@ pub async fn route_mkcalendar<C: CalendarStore>(
root_span: RootSpan, root_span: RootSpan,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let (principal, cal_id) = path.into_inner(); let (principal, cal_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

2
crates/caldav/src/calendar/methods/post.rs
View File

@@ -23,7 +23,7 @@ pub async fn route_post<C: CalendarStore, S: SubscriptionStore>(
req: HttpRequest, req: HttpRequest,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let (principal, cal_id) = path.into_inner(); let (principal, cal_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

2
crates/caldav/src/calendar/methods/report/mod.rs
View File

@@ -34,7 +34,7 @@ pub async fn route_report_calendar<C: CalendarStore>(
cal_store: Data<C>, cal_store: Data<C>,
) -> Result<impl Responder, Error> { ) -> Result<impl Responder, Error> {
let (principal, cal_id) = path.into_inner(); let (principal, cal_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

8
crates/caldav/src/calendar/resource.rs
View File

@@ -300,10 +300,14 @@ impl Resource for CalendarResource {
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
if self.cal.subscription_url.is_some() || self.read_only { if self.cal.subscription_url.is_some() || self.read_only {
return Ok(UserPrivilegeSet::owner_read(self.cal.principal == user.id)); return Ok(UserPrivilegeSet::owner_read(
user.is_principal(&self.cal.principal),
));
} }
Ok(UserPrivilegeSet::owner_only(self.cal.principal == user.id)) Ok(UserPrivilegeSet::owner_only(
user.is_principal(&self.cal.principal),
))
} }
} }

6
crates/caldav/src/calendar_object/methods.rs
View File

@@ -24,12 +24,12 @@ pub async fn get_event<C: CalendarStore>(
object_id, object_id,
} = path.into_inner(); } = path.into_inner();
if user.id != principal { if !user.is_principal(&principal) {
return Ok(HttpResponse::Unauthorized().body("")); return Ok(HttpResponse::Unauthorized().body(""));
} }
let calendar = store.get_calendar(&principal, &cal_id).await?; let calendar = store.get_calendar(&principal, &cal_id).await?;
if user.id != calendar.principal { if !user.is_principal(&calendar.principal) {
return Ok(HttpResponse::Unauthorized().body("")); return Ok(HttpResponse::Unauthorized().body(""));
} }
@@ -56,7 +56,7 @@ pub async fn put_event<C: CalendarStore>(
object_id, object_id,
} = path.into_inner(); } = path.into_inner();
if user.id != principal { if !user.is_principal(&principal) {
return Ok(HttpResponse::Unauthorized().body("")); return Ok(HttpResponse::Unauthorized().body(""));
} }

4
crates/caldav/src/calendar_object/resource.rs
View File

@@ -91,7 +91,9 @@ impl Resource for CalendarObjectResource {
} }
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(UserPrivilegeSet::owner_only(self.principal == user.id)) Ok(UserPrivilegeSet::owner_only(
user.is_principal(&self.principal),
))
} }
} }

4
crates/caldav/src/calendar_set/mod.rs
View File

@@ -55,9 +55,9 @@ impl Resource for CalendarSetResource {
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(if self.read_only { Ok(if self.read_only {
UserPrivilegeSet::owner_read(self.principal == user.id) UserPrivilegeSet::owner_read(user.is_principal(&self.principal))
} else { } else {
UserPrivilegeSet::owner_only(self.principal == user.id) UserPrivilegeSet::owner_only(user.is_principal(&self.principal))
}) })
} }
} }

4
crates/caldav/src/principal/mod.rs
View File

@@ -113,7 +113,9 @@ impl Resource for PrincipalResource {
} }
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(UserPrivilegeSet::owner_read(self.principal == user.id)) Ok(UserPrivilegeSet::owner_read(
user.is_principal(&self.principal),
))
} }
} }

10
crates/carddav/src/address_object/methods.rs
View File

@@ -26,8 +26,8 @@ pub async fn get_object<AS: AddressbookStore>(
object_id, object_id,
} = path.into_inner(); } = path.into_inner();
if user.id != principal { if !user.is_principal(&principal) {
return Ok(HttpResponse::Unauthorized().body("")); return Err(Error::Unauthorized);
} }
let addressbook = store.get_addressbook(&principal, &addressbook_id).await?; let addressbook = store.get_addressbook(&principal, &addressbook_id).await?;
@@ -64,8 +64,8 @@ pub async fn put_object<AS: AddressbookStore>(
object_id, object_id,
} = path.into_inner(); } = path.into_inner();
if user.id != principal { if !user.is_principal(&principal) {
return Ok(HttpResponse::Unauthorized().body("")); return Err(Error::Unauthorized);
} }
// TODO: implement If-Match // TODO: implement If-Match
@@ -79,5 +79,5 @@ pub async fn put_object<AS: AddressbookStore>(
.put_object(principal, addressbook_id, object, overwrite) .put_object(principal, addressbook_id, object, overwrite)
.await?; .await?;
Ok(HttpResponse::Created().body("")) Ok(HttpResponse::Created().finish())
} }

4
crates/carddav/src/address_object/resource.rs
View File

@@ -87,7 +87,9 @@ impl Resource for AddressObjectResource {
} }
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(UserPrivilegeSet::owner_only(self.principal == user.id)) Ok(UserPrivilegeSet::owner_only(
user.is_principal(&self.principal),
))
} }
} }

2
crates/carddav/src/addressbook/methods/mkcol.rs
View File

@@ -48,7 +48,7 @@ pub async fn route_mkcol<AS: AddressbookStore>(
root_span: RootSpan, root_span: RootSpan,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let (principal, addressbook_id) = path.into_inner(); let (principal, addressbook_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

2
crates/carddav/src/addressbook/methods/post.rs
View File

@@ -20,7 +20,7 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
req: HttpRequest, req: HttpRequest,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let (principal, addressbook_id) = path.into_inner(); let (principal, addressbook_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

2
crates/carddav/src/addressbook/methods/report/mod.rs
View File

@@ -30,7 +30,7 @@ pub async fn route_report_addressbook<AS: AddressbookStore>(
addr_store: Data<AS>, addr_store: Data<AS>,
) -> Result<impl Responder, Error> { ) -> Result<impl Responder, Error> {
let (principal, addressbook_id) = path.into_inner(); let (principal, addressbook_id) = path.into_inner();
if principal != user.id { if !user.is_principal(&principal) {
return Err(Error::Unauthorized); return Err(Error::Unauthorized);
} }

4
crates/carddav/src/addressbook/resource.rs
View File

@@ -185,7 +185,9 @@ impl Resource for AddressbookResource {
} }
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(UserPrivilegeSet::owner_only(self.0.principal == user.id)) Ok(UserPrivilegeSet::owner_only(
user.is_principal(&self.0.principal),
))
} }
} }

4
crates/carddav/src/principal/mod.rs
View File

@@ -108,7 +108,9 @@ impl Resource for PrincipalResource {
} }
fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> { fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
Ok(UserPrivilegeSet::owner_only(self.principal == user.id)) Ok(UserPrivilegeSet::owner_only(
user.is_principal(&self.principal),
))
} }
} }

4
crates/frontend/src/routes/addressbook.rs
View File

@@ -19,7 +19,7 @@ pub async fn route_addressbook<AS: AddressbookStore>(
user: User, user: User,
) -> Result<impl Responder, rustical_store::Error> { ) -> Result<impl Responder, rustical_store::Error> {
let (owner, addrbook_id) = path.into_inner(); let (owner, addrbook_id) = path.into_inner();
if owner != user.id { if !user.is_principal(&owner) {
return Ok(HttpResponse::Unauthorized().body("Unauthorized")); return Ok(HttpResponse::Unauthorized().body("Unauthorized"));
} }
Ok(AddressbookPage { Ok(AddressbookPage {
@@ -35,7 +35,7 @@ pub async fn route_addressbook_restore<AS: AddressbookStore>(
user: User, user: User,
) -> Result<impl Responder, rustical_store::Error> { ) -> Result<impl Responder, rustical_store::Error> {
let (owner, addressbook_id) = path.into_inner(); let (owner, addressbook_id) = path.into_inner();
if owner != user.id { if !user.is_principal(&owner) {
return Ok(HttpResponse::Unauthorized().body("Unauthorized")); return Ok(HttpResponse::Unauthorized().body("Unauthorized"));
} }
store.restore_addressbook(&owner, &addressbook_id).await?; store.restore_addressbook(&owner, &addressbook_id).await?;

4
crates/frontend/src/routes/calendar.rs
View File

@@ -19,7 +19,7 @@ pub async fn route_calendar<C: CalendarStore>(
user: User, user: User,
) -> Result<impl Responder, rustical_store::Error> { ) -> Result<impl Responder, rustical_store::Error> {
let (owner, cal_id) = path.into_inner(); let (owner, cal_id) = path.into_inner();
if owner != user.id { if !user.is_principal(&owner) {
return Ok(HttpResponse::Unauthorized().body("Unauthorized")); return Ok(HttpResponse::Unauthorized().body("Unauthorized"));
} }
Ok(CalendarPage { Ok(CalendarPage {
@@ -35,7 +35,7 @@ pub async fn route_calendar_restore<CS: CalendarStore>(
user: User, user: User,
) -> Result<impl Responder, rustical_store::Error> { ) -> Result<impl Responder, rustical_store::Error> {
let (owner, cal_id) = path.into_inner(); let (owner, cal_id) = path.into_inner();
if owner != user.id { if !user.is_principal(&owner) {
return Ok(HttpResponse::Unauthorized().body("Unauthorized")); return Ok(HttpResponse::Unauthorized().body("Unauthorized"));
} }
store.restore_calendar(&owner, &cal_id).await?; store.restore_calendar(&owner, &cal_id).await?;

13
crates/store/src/auth/user.rs
View File

@@ -8,6 +8,7 @@ use serde::{Deserialize, Serialize};
use std::future::{ready, Ready}; use std::future::{ready, Ready};
#[derive(Debug, Clone, Deserialize, Serialize)] #[derive(Debug, Clone, Deserialize, Serialize)]
#[serde(deny_unknown_fields)]
pub struct User { pub struct User {
pub id: String, pub id: String,
pub displayname: Option<String>, pub displayname: Option<String>,
@@ -16,6 +17,18 @@ pub struct User {
pub app_tokens: Vec<String>, pub app_tokens: Vec<String>,
} }
impl User {
/// Returns true if the user is either
/// - the principal itself
/// - has full access to the prinicpal (is member)
pub fn is_principal(&self, principal: &str) -> bool {
if self.id == principal {
return true;
}
false
}
}
#[derive(Clone, Debug, Display)] #[derive(Clone, Debug, Display)]
pub struct UnauthorizedError; pub struct UnauthorizedError;