You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
flotte-user-management/src/database/roles.rs

140 lines
4.6 KiB
Rust

// flotte-user-management server for managing users, roles and permissions
// Copyright (C) 2020 trivernis
// See LICENSE for more information
use crate::database::models::Role;
use crate::database::role_permissions::RolePermissions;
use crate::database::{DatabaseResult, PostgresPool, Table, DEFAULT_ADMIN_EMAIL, ENV_ADMIN_EMAIL};
use crate::utils::error::DBError;
/// The role table that stores
/// all defined roles
#[derive(Clone)]
pub struct Roles {
pool: PostgresPool,
role_permission: RolePermissions,
}
impl Table for Roles {
fn new(pool: PostgresPool) -> Self {
Self {
role_permission: RolePermissions::new(PostgresPool::clone(&pool)),
pool,
}
}
fn init(&self) -> DatabaseResult<()> {
self.pool.get()?.batch_execute(
"
CREATE TABLE IF NOT EXISTS roles (
id SERIAL PRIMARY KEY,
name VARCHAR(128) UNIQUE NOT NULL,
description VARCHAR(512)
);",
)?;
Ok(())
}
}
impl Roles {
/// Creates a new role with the given permissions
/// that are then automatically assigned to the role
///
/// The role is automatically assigned to the default admin user
pub fn create_role(
&self,
name: String,
description: Option<String>,
permissions: Vec<i32>,
) -> DatabaseResult<Role> {
let mut connection = self.pool.get()?;
let exists = connection.query_opt("SELECT id FROM roles WHERE name = $1", &[&name])?;
if exists.is_some() {
return Err(DBError::RecordExists);
}
let permissions_exist = connection.query(
"SELECT id FROM permissions WHERE permissions.id = ANY ($1)",
&[&permissions],
)?;
if permissions_exist.len() != permissions.len() {
return Err(DBError::GenericError(format!(
"Not all provided permissions exist! Existing permissions: {:?}",
permissions_exist
.iter()
.map(|row| -> i32 { row.get(0) })
.collect::<Vec<i32>>()
)));
}
log::trace!("Preparing transaction");
let admin_email = dotenv::var(ENV_ADMIN_EMAIL).unwrap_or(DEFAULT_ADMIN_EMAIL.to_string());
let mut transaction = connection.transaction()?;
let result: DatabaseResult<Role> = {
let row = transaction.query_one(
"INSERT INTO roles (name, description) VALUES ($1, $2) RETURNING *",
&[&name, &description],
)?;
let role: Role = serde_postgres::from_row(&row)?;
for permission in permissions {
transaction.execute(
"INSERT INTO role_permissions (role_id, permission_id) VALUES ($1, $2);",
&[&role.id, &permission],
)?;
}
if let Err(e) = transaction.execute(
"INSERT INTO user_roles (user_id, role_id) VALUES ((SELECT id FROM users WHERE email = $1), $2)",
&[&admin_email, &role.id],
) {
log::debug!("Failed to add role to admin user: {}", e);
}
Ok(role)
};
match result {
Err(e) => {
log::warn!("Failed to create role {}: {}", name, e);
log::trace!("Rolling back...");
transaction.rollback()?;
log::trace!("Rolled back!");
Err(e)
}
Ok(role) => {
log::debug!("Successfully created role {} with id {}", name, role.id);
log::trace!("Committing...");
transaction.commit()?;
log::trace!("Committed!");
Ok(role)
}
}
}
/// Returns information for a role
pub fn get_role(&self, name: String) -> DatabaseResult<Role> {
let mut connection = self.pool.get()?;
let result = connection.query_opt("SELECT * FROM roles WHERE roles.name = $1", &[&name])?;
if let Some(row) = result {
Ok(serde_postgres::from_row::<Role>(&row)?)
} else {
Err(DBError::RecordDoesNotExist)
}
}
/// Returns a list of all roles
pub fn get_roles(&self) -> DatabaseResult<Vec<Role>> {
let mut connection = self.pool.get()?;
let results = connection.query("SELECT * FROM roles", &[])?;
let mut roles = Vec::new();
for row in results {
roles.push(serde_postgres::from_row::<Role>(&row)?);
}
Ok(roles)
}
}