Improvement to access control

2025-12-14 08:12:24 +00:00 · 2024-10-31 21:18:41 +01:00
parent c484a17911
commit 0c14f8ba90
24 changed files with 394 additions and 215 deletions
--- a/crates/dav/src/privileges.rs
+++ b/crates/dav/src/privileges.rs
@@ -0,0 +1,78 @@
+use serde::{Deserialize, Serialize};
+use std::collections::HashSet;
+
+#[derive(Debug, Clone, Serialize, Deserialize, Eq, Hash, PartialEq)]
+#[serde(rename_all = "kebab-case")]
+pub enum UserPrivilege {
+    Read,
+    Write,
+    WriteProperties,
+    WriteContent,
+    ReadAcl,
+    ReadCurrentUserPrivilegeSet,
+    WriteAcl,
+    All,
+}
+
+impl Serialize for UserPrivilegeSet {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: serde::Serializer,
+    {
+        #[derive(Serialize)]
+        #[serde(rename_all = "kebab-case")]
+        pub struct UserPrivilegeWrapper<'a> {
+            #[serde(rename = "$value")]
+            privilege: &'a UserPrivilege,
+        }
+        #[derive(Serialize)]
+        #[serde(rename_all = "kebab-case")]
+        pub struct FakeUserPrivilegeSet<'a> {
+            #[serde(rename = "privilege")]
+            privileges: Vec<UserPrivilegeWrapper<'a>>,
+        }
+        FakeUserPrivilegeSet {
+            privileges: self
+                .privileges
+                .iter()
+                .map(|privilege| UserPrivilegeWrapper { privilege })
+                .collect(),
+        }
+        .serialize(serializer)
+    }
+}
+
+// TODO: implement Deserialize once we need it
+#[derive(Debug, Clone, Deserialize, Default)]
+#[serde(rename_all = "kebab-case")]
+pub struct UserPrivilegeSet {
+    privileges: HashSet<UserPrivilege>,
+}
+
+impl UserPrivilegeSet {
+    pub fn has(&self, privilege: &UserPrivilege) -> bool {
+        self.privileges.contains(privilege) || self.privileges.contains(&UserPrivilege::All)
+    }
+
+    pub fn all() -> Self {
+        Self {
+            privileges: HashSet::from([UserPrivilege::All]),
+        }
+    }
+
+    pub fn owner_only(is_owner: bool) -> Self {
+        if is_owner {
+            Self::all()
+        } else {
+            Self::default()
+        }
+    }
+}
+
+impl<const N: usize> From<[UserPrivilege; N]> for UserPrivilegeSet {
+    fn from(privileges: [UserPrivilege; N]) -> Self {
+        Self {
+            privileges: HashSet::from(privileges),
+        }
+    }
+}