Grcov report - user.rs

1

use serde::{Deserialize, Serialize};

2

3

use crate::{

4

    admin::{group, role},

5

    connection::{Connection, SensitiveString},

6

    define_basic_unique_mapped_view,

7

    document::{CollectionDocument, Document, KeyId},

8

    permissions::Permissions,

9

    schema::{Collection, NamedCollection},

10

};

11

12

/// A user that can authenticate with BonsaiDb.

13

94800

#[derive(Debug, Serialize, Deserialize, Default, Collection)]

14

#[collection(name = "user", authority = "khonsulabs", views = [ByName])]

15

#[collection(encryption_key = Some(KeyId::Master), encryption_optional, core = crate)]

16

pub struct User {

17

    /// The name of the role. Must be unique.

18

    pub username: String,

19

    /// The IDs of the user groups this user belongs to.

20

    pub groups: Vec<u64>,

21

    /// The IDs of the roles this user has been assigned.

22

    pub roles: Vec<u64>,

23

24

    /// The user's stored password hash.

25

///

26

    /// This field is not feature gated to prevent losing stored passwords if

27

    /// the `password-hashing` feature is disabled and then re-enabled and user

28

    /// records are updated in the meantime.

29

    #[serde(default)]

30

    pub argon_hash: Option<SensitiveString>,

31

32

33

impl User {

34

    /// Returns a default user with the given username.

35

170

    pub fn default_with_username(username: impl Into<String>) -> Self {

36

170

        Self {

37

170

            username: username.into(),

38

170

            ..Self::default()

39

170

40

170

41

42

    /// Calculates the effective permissions based on the groups and roles this

43

    /// user is assigned.

44

5

    pub async fn effective_permissions<C: Connection>(

45

5

        &self,

46

5

        admin: &C,

47

5

    ) -> Result<Permissions, crate::Error> {

48

        // List all of the groups that this user belongs to because of role associations.

49

5

        let role_groups = if self.roles.is_empty() {

50

5

            Vec::default()

51

        } else {

52

            let roles = admin.get_multiple::<role::Role>(&self.groups).await?;

53

            let role_groups = roles

54

                .into_iter()

55

                .map(|doc| doc.contents::<role::Role>().map(|role| role.groups))

56

                .collect::<Result<Vec<Vec<u64>>, _>>()?;

57

            role_groups

58

                .into_iter()

59

                .flat_map(Vec::into_iter)

60

                .collect::<Vec<u64>>()

61

};

62

        // Retrieve all of the groups.

63

5

        let groups = if role_groups.is_empty() {

64

5

            admin

65

5

                .get_multiple::<group::PermissionGroup>(&self.groups)

66

5

                .await?

67

        } else {

68

            let mut all_groups = role_groups;

69

            all_groups.extend(self.groups.iter().copied());

70

            all_groups.dedup();

71

            admin

72

                .get_multiple::<group::PermissionGroup>(&all_groups)

73

                .await?

74

};

75

76

        // Combine the permissions from all the groups into one.

77

5

        let merged_permissions = Permissions::merged(

78

5

            groups

79

5

                .into_iter()

80

5

                .map(|group| {

81

2

                    group

82

2

                        .contents::<group::PermissionGroup>()

83

2

                        .map(|group| Permissions::from(group.statements))

84

5

})

85

5

                .collect::<Result<Vec<_>, _>>()?

86

5

                .iter(),

87

5

);

88

5

89

5

        Ok(merged_permissions)

90

5

91

92

93

impl NamedCollection for User {

94

    type ByNameView = ByName;

95

96

97

define_basic_unique_mapped_view!(

98

    ByName,

99

    User,

100

1,

101

    "by-name",

102

    String,

103

750

    |document: CollectionDocument<User>| { document.header.emit_key(document.contents.username) }

104

);