Skip to content

Commit 2c5146b

Browse files
committed
fixup: replace editoast_models::User in State by authz::User
1 parent 4f25019 commit 2c5146b

4 files changed

Lines changed: 18 additions & 24 deletions

File tree

editoast/src/authentication.rs

Lines changed: 7 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -77,24 +77,17 @@ impl Mode {
7777
#[derive(Debug, Clone)]
7878
pub enum State {
7979
Skip,
80-
Authenticated {
81-
user: editoast_models::User,
82-
roles: Vec<Role>,
83-
},
80+
Authenticated { user: authz::User, roles: Vec<Role> },
8481
}
8582

8683
impl State {
87-
pub fn user(&self) -> Option<&editoast_models::User> {
84+
pub fn user(&self) -> Option<authz::User> {
8885
match self {
8986
State::Skip => None,
90-
State::Authenticated { user, .. } => Some(user),
87+
State::Authenticated { user, .. } => Some(*user),
9188
}
9289
}
9390

94-
pub fn authz_user(&self) -> Option<authz::User> {
95-
self.user().map(|user| authz::User(user.id))
96-
}
97-
9891
pub fn roles(&self) -> &[Role] {
9992
static EMPTY_ROLES: [Role; 0] = [];
10093
match self {
@@ -109,12 +102,9 @@ impl State {
109102
conn: database::DbConnection,
110103
) -> itertools::Either<UserAuthorizer<'a>, SystemAuthorizer<'a>> {
111104
match self {
112-
State::Authenticated { user, roles } => itertools::Either::Left(UserAuthorizer::new(
113-
authz::User(user.id),
114-
roles.clone(),
115-
openfga,
116-
conn,
117-
)),
105+
State::Authenticated { user, roles } => {
106+
itertools::Either::Left(UserAuthorizer::new(*user, roles.clone(), openfga, conn))
107+
}
118108
State::Skip => itertools::Either::Right(SystemAuthorizer {
119109
openfga,
120110
conn: conn.clone(),
@@ -129,7 +119,7 @@ impl State {
129119
/// [Mode::Impersonating] (in which case it is the impersonated user).
130120
pub fn try_new(
131121
mode: Mode,
132-
user: Option<editoast_models::User>,
122+
user: Option<authz::User>,
133123
roles: Vec<Role>,
134124
) -> Result<Self, AuthorizationError> {
135125
match mode {

editoast/src/views/authz.rs

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -131,10 +131,15 @@ pub(in crate::views) struct WhoamiResponse {
131131
)]
132132
pub(in crate::views) async fn whoami(
133133
Extension(authn_state): Extension<crate::authentication::State>,
134+
State(AppState { db_pool, .. }): State<AppState>,
134135
) -> Result<Json<WhoamiResponse>> {
135136
match authn_state {
136137
crate::authentication::State::Skip => Err(AuthorizationError::Unauthenticated)?,
137138
crate::authentication::State::Authenticated { user, roles } => {
139+
let conn = db_pool.get().await?;
140+
let user = editoast_models::User::retrieve(conn, user.0)
141+
.await?
142+
.expect("user stored in the authorization middleware extension should exist");
138143
let roles = HashSet::from_iter(roles);
139144
Ok(Json(WhoamiResponse {
140145
id: user.id,
@@ -163,7 +168,7 @@ pub(in crate::views) async fn user_groups(
163168
}): State<AppState>,
164169
) -> Result<Json<Vec<Group>>> {
165170
let user = authn_state
166-
.authz_user()
171+
.user()
167172
.ok_or(AuthorizationError::Unauthenticated)?;
168173
let authorizer = authn_state.authorizer(regulator.openfga(), db_pool.get().await?);
169174
let user_groups = authz::v2::user_groups(user)
@@ -383,19 +388,18 @@ pub(in crate::views) async fn user_privileges(
383388
let mut conn = db_pool.get().await?;
384389
match &authn_state {
385390
crate::authentication::State::Authenticated { user, .. } => {
386-
let user = authz::User(user.id);
387391
let resources = resources_ids.into_iter().flat_map(|(resource_type, ids)| {
388392
ids.into_iter().map(move |id| match resource_type {
389393
ResourceType::Infra => Resource::Infra(authz::Infra(id)),
390394
ResourceType::RollingStock => Resource::RollingStock(authz::RollingStock(id)),
391395
})
392396
});
393397
let protected_privileges = resources.map(|resource| match resource {
394-
resource @ Resource::Infra(infra) => v2::infra_privileges(user, infra)
398+
resource @ Resource::Infra(infra) => v2::infra_privileges(*user, infra)
395399
.collect_into::<HashSet<StandardPrivilege>>()
396400
.zip(v2::Protected::value(resource)),
397401
resource @ Resource::RollingStock(rolling_stock) => {
398-
v2::rolling_stock_privileges(user, rolling_stock)
402+
v2::rolling_stock_privileges(*user, rolling_stock)
399403
.collect_into::<HashSet<StandardPrivilege>>()
400404
.zip(v2::Protected::value(resource))
401405
}
@@ -528,7 +532,7 @@ pub(in crate::views) async fn user_grants(
528532
Json(body): Json<HashMap<ResourceType, Vec<i64>>>,
529533
) -> Result<Json<HashMap<ResourceType, Vec<UserResourceGrant>>>> {
530534
let user = authn_state
531-
.authz_user()
535+
.user()
532536
.ok_or(AuthorizationError::Unauthenticated)?;
533537
let authorizer = authn_state.authorizer(regulator.openfga(), db_pool.get().await?);
534538
let mut response = HashMap::<_, Vec<UserResourceGrant>>::new();

editoast/src/views/infra/mod.rs

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,6 @@ pub(in crate::views) async fn list(
203203
let settings = match authn {
204204
crate::authentication::State::Skip => default_settings,
205205
crate::authentication::State::Authenticated { user, roles } => {
206-
let user = authz::User(user.id);
207206
let authorizer =
208207
UserAuthorizer::new(user, roles.clone(), regulator.openfga(), conn.clone());
209208
let authorized_infras = authorizer

editoast/src/views/server/middlewares.rs

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -236,7 +236,8 @@ pub(in crate::views) async fn authentication_validation_middleware(
236236
span.record("user.roles", tracing::field::debug(&roles));
237237
span.record("user.is_admin", roles.contains(&Role::Admin));
238238

239-
let state = crate::authentication::State::try_new(authn, user, roles.clone())?;
239+
let authz_user = user.map(|user| authz::User(user.id));
240+
let state = crate::authentication::State::try_new(authn, authz_user, roles.clone())?;
240241
span.record("authz.state", tracing::field::debug(&state));
241242
req.extensions_mut().insert(state);
242243
req.extensions_mut().remove::<crate::authentication::Mode>();

0 commit comments

Comments
 (0)