flotte-user-management/src/database/roles.rs

use crate::database::models::Role;
use crate::database::role_permissions::RolePermissions;
use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};
use crate::utils::error::DBError;

/// The role table that stores
/// all defined roles
#[derive(Clone)]
pub struct Roles {
    pool: PostgresPool,
    role_permission: RolePermissions,
}

impl Table for Roles {
    fn new(pool: PostgresPool) -> Self {
        Self {
            role_permission: RolePermissions::new(PostgresPool::clone(&pool)),
            pool,
        }
    }

    fn init(&self) -> DatabaseResult<()> {
        self.pool.get()?.batch_execute(
            "
            CREATE TABLE IF NOT EXISTS roles (
            id              SERIAL PRIMARY KEY,
            name            VARCHAR(128) UNIQUE NOT NULL,
            description     VARCHAR(512)
        );",
        )?;

        Ok(())
    }
}

impl Roles {
    /// Creates a new role with the given permissions
    /// that are then automatically assigned to the role
    ///
    /// The role is automatically assigned to the default admin user
    pub fn create_role(
        &self,
        name: String,
        description: Option<String>,
        permissions: Vec<i32>,
    ) -> DatabaseResult<Role> {
        let mut connection = self.pool.get()?;
        let exists = connection.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?;

        if exists.is_some() {
            return Err(DBError::RecordExists);
        }
        let permissions_exist = connection.query(
            "SELECT id FROM permissions WHERE permissions.id = ANY ($1)",
            &[&permissions],
        )?;
        if permissions_exist.len() != permissions.len() {
            return Err(DBError::GenericError(format!(
                "Not all provided permissions exist! Existing permissions: {:?}",
                permissions_exist
                    .iter()
                    .map(|row| -> i32 { row.get(0) })
                    .collect::<Vec<i32>>()
            )));
        }

        log::trace!("Preparing transaction");
        let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());
        let mut transaction = connection.transaction()?;

        let result: DatabaseResult<Role> = {
            let row = transaction.query_one(
                "INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",
                &[&name, &description],
            )?;
            let role: Role = serde_postgres::from_row(&row)?;
            for permission in permissions {
                transaction.execute(
                    "INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2);",
                    &[&role.id, &permission],
                )?;
            }
            if let Err(e) = transaction.execute(
                "INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",
                &[&admin_email, &role.id],
            ) {
                log::debug!("Failed to add role to admin user: {}", e);
            }

            Ok(role)
        };
        match result {
            Err(e) => {
                log::warn!("Failed to create role {}: {}", name, e);
                log::trace!("Rolling back...");
                transaction.rollback()?;
                log::trace!("Rolled back!");
                Err(e)
            }
            Ok(role) => {
                log::debug!("Successfully created role {} with id {}", name, role.id);
                log::trace!("Committing...");
                transaction.commit()?;
                log::trace!("Committed!");

                Ok(role)
            }
        }
    }

    /// Returns information for a role
    pub fn get_role(&self, name: String) -> DatabaseResult<Role> {
        let mut connection = self.pool.get()?;
        let result = connection.query_opt("SELECT * FROM roles WHERE roles.name = $1", &[&name])?;

        if let Some(row) = result {
            Ok(serde_postgres::from_row::<Role>(&row)?)
        } else {
            Err(DBError::RecordDoesNotExist)
        }
    }

    /// Returns a list of all roles
    pub fn get_roles(&self) -> DatabaseResult<Vec<Role>> {
        let mut connection = self.pool.get()?;
        let results = connection.query("SELECT * FROM roles", &[])?;
        let mut roles = Vec::new();

        for row in results {
            roles.push(serde_postgres::from_row::<Role>(&row)?);
        }

        Ok(roles)
    }
}
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::models::Role;`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::role_permissions::RolePermissions;`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};`
Add getRoles method and return ttl for tokens Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`use crate::utils::error::DBError;`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Add some comments and fix some style issues Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`/// The role table that stores`
			`/// all defined roles`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`#[derive(Clone)]`
			`pub struct Roles {`
Switch to pooled postgres client Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pool: PostgresPool,`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`role_permission: RolePermissions,`
			`}`

Add function to create a user Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`impl Table for Roles {`
Switch to pooled postgres client Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`fn new(pool: PostgresPool) -> Self {`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Self {`
Switch to pooled postgres client Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`role_permission: RolePermissions::new(PostgresPool::clone(&pool)),`
			`pool,`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`

Add redis connection to all models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`fn init(&self) -> DatabaseResult<()> {`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`self.pool.get()?.batch_execute(`
			`"`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`CREATE TABLE IF NOT EXISTS roles (`
			`id SERIAL PRIMARY KEY,`
			`name VARCHAR(128) UNIQUE NOT NULL,`
			`description VARCHAR(512)`
			`);",`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`)?;`

			`Ok(())`
Add data models Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
			`}`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`impl Roles {`
Add some comments and fix some style issues Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`/// Creates a new role with the given permissions`
			`/// that are then automatically assigned to the role`
			`///`
			`/// The role is automatically assigned to the default admin user`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`pub fn create_role(`
			`&self,`
			`name: String,`
			`description: Option<String>,`
			`permissions: Vec<i32>,`
			`) -> DatabaseResult<Role> {`
Switch to pooled postgres client Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let mut connection = self.pool.get()?;`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let exists = connection.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?;`

			`if exists.is_some() {`
			`return Err(DBError::RecordExists);`
			`}`
Add roles/create REST method Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let permissions_exist = connection.query(`
			`"SELECT id FROM permissions WHERE permissions.id = ANY ($1)",`
			`&[&permissions],`
			`)?;`
			`if permissions_exist.len() != permissions.len() {`
			`return Err(DBError::GenericError(format!(`
			`"Not all provided permissions exist! Existing permissions: {:?}",`
			`permissions_exist`
			`.iter()`
			`.map(\|row\| -> i32 { row.get(0) })`
			`.collect::<Vec<i32>>()`
			`)));`
			`}`

Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`log::trace!("Preparing transaction");`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let mut transaction = connection.transaction()?;`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`let result: DatabaseResult<Role> = {`
			`let row = transaction.query_one(`
			`"INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",`
			`&[&name, &description],`
			`)?;`
			`let role: Role = serde_postgres::from_row(&row)?;`
			`for permission in permissions {`
			`transaction.execute(`
			`"INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2);",`
			`&[&role.id, &permission],`
			`)?;`
			`}`
Change permission creation to return permissions even if they exist Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`if let Err(e) = transaction.execute(`
Change admin role and user handling Change the handling of the default admin role and the default admin user to be assigned roles based on their names instead of their id. Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`"INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",`
			`&[&admin_email, &role.id],`
Change permission creation to return permissions even if they exist Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`) {`
			`log::debug!("Failed to add role to admin user: {}", e);`
			`}`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`Ok(role)`
			`};`
Change permission creation to return permissions even if they exist Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`match result {`
			`Err(e) => {`
			`log::warn!("Failed to create role {}: {}", name, e);`
			`log::trace!("Rolling back...");`
			`transaction.rollback()?;`
			`log::trace!("Rolled back!");`
			`Err(e)`
			`}`
			`Ok(role) => {`
			`log::debug!("Successfully created role {} with id {}", name, role.id);`
			`log::trace!("Committing...");`
			`transaction.commit()?;`
			`log::trace!("Committed!");`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
Change permission creation to return permissions even if they exist Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`Ok(role)`
			`}`
			`}`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`
Add path to get information about a role Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`/// Returns information for a role`
			`pub fn get_role(&self, name: String) -> DatabaseResult<Role> {`
			`let mut connection = self.pool.get()?;`
			`let result = connection.query_opt("SELECT * FROM roles WHERE roles.name = $1", &[&name])?;`

			`if let Some(row) = result {`
			`Ok(serde_postgres::from_row::<Role>(&row)?)`
			`} else {`
			`Err(DBError::RecordDoesNotExist)`
			`}`
			`}`
Add path to view all roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago
			`/// Returns a list of all roles`
			`pub fn get_roles(&self) -> DatabaseResult<Vec<Role>> {`
			`let mut connection = self.pool.get()?;`
			`let results = connection.query("SELECT * FROM roles", &[])?;`
			`let mut roles = Vec::new();`

			`for row in results {`
			`roles.push(serde_postgres::from_row::<Role>(&row)?);`
			`}`

			`Ok(roles)`
			`}`
Add method to create roles Signed-off-by: trivernis <trivernis@protonmail.com> 4 years ago			`}`