Authentication: Make search_rules optional in AuthFilter

This commit is contained in:
Louis Dureuil 2023-02-19 15:04:37 +01:00
parent 42577403d8
commit d0f2c9c72e
No known key found for this signature in database

View File

@ -85,19 +85,13 @@ impl AuthController {
uid: Uuid, uid: Uuid,
search_rules: Option<SearchRules>, search_rules: Option<SearchRules>,
) -> Result<AuthFilter> { ) -> Result<AuthFilter> {
let mut filters = AuthFilter::default();
let key = self.get_key(uid)?; let key = self.get_key(uid)?;
filters.key_authorized_indexes = SearchRules::Set(key.indexes.into_iter().collect()); let key_authorized_indexes = SearchRules::Set(key.indexes.into_iter().collect());
filters.search_rules = match search_rules { let allow_index_creation = self.is_key_authorized(uid, Action::IndexesAdd, None)?;
Some(search_rules) => search_rules,
None => filters.key_authorized_indexes.clone(),
};
filters.allow_index_creation = self.is_key_authorized(uid, Action::IndexesAdd, None)?; Ok(AuthFilter { search_rules, key_authorized_indexes, allow_index_creation })
Ok(filters)
} }
pub fn list_keys(&self) -> Result<Vec<Key>> { pub fn list_keys(&self) -> Result<Vec<Key>> {
@ -162,7 +156,7 @@ impl AuthController {
} }
pub struct AuthFilter { pub struct AuthFilter {
search_rules: SearchRules, search_rules: Option<SearchRules>,
key_authorized_indexes: SearchRules, key_authorized_indexes: SearchRules,
pub allow_index_creation: bool, pub allow_index_creation: bool,
} }
@ -170,7 +164,7 @@ pub struct AuthFilter {
impl Default for AuthFilter { impl Default for AuthFilter {
fn default() -> Self { fn default() -> Self {
Self { Self {
search_rules: SearchRules::default(), search_rules: None,
key_authorized_indexes: SearchRules::default(), key_authorized_indexes: SearchRules::default(),
allow_index_creation: true, allow_index_creation: true,
} }
@ -180,7 +174,7 @@ impl Default for AuthFilter {
impl AuthFilter { impl AuthFilter {
pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self { pub fn with_allowed_indexes(allowed_indexes: HashSet<IndexUidPattern>) -> Self {
Self { Self {
search_rules: SearchRules::Set(allowed_indexes.clone()), search_rules: None,
key_authorized_indexes: SearchRules::Set(allowed_indexes), key_authorized_indexes: SearchRules::Set(allowed_indexes),
allow_index_creation: false, allow_index_creation: false,
} }
@ -188,19 +182,28 @@ impl AuthFilter {
pub fn all_indexes_authorized(&self) -> bool { pub fn all_indexes_authorized(&self) -> bool {
self.key_authorized_indexes.all_indexes_authorized() self.key_authorized_indexes.all_indexes_authorized()
&& self.search_rules.all_indexes_authorized() && self
.search_rules
.as_ref()
.map(|search_rules| search_rules.all_indexes_authorized())
.unwrap_or(true)
} }
pub fn is_index_authorized(&self, index: &str) -> bool { pub fn is_index_authorized(&self, index: &str) -> bool {
self.key_authorized_indexes.is_index_authorized(index) self.key_authorized_indexes.is_index_authorized(index)
&& self.search_rules.is_index_authorized(index) && self
.search_rules
.as_ref()
.map(|search_rules| search_rules.is_index_authorized(index))
.unwrap_or(true)
} }
pub fn get_index_search_rules(&self, index: &str) -> Option<IndexSearchRules> { pub fn get_index_search_rules(&self, index: &str) -> Option<IndexSearchRules> {
if !self.is_index_authorized(index) { if !self.is_index_authorized(index) {
return None; return None;
} }
self.search_rules.get_index_search_rules(index) let search_rules = self.search_rules.as_ref().unwrap_or(&self.key_authorized_indexes);
search_rules.get_index_search_rules(index)
} }
} }