- Fix trailing whitespace in kex.rs and s3.rs - Add missing KexProposal import in kex_complete.rs - Auto-fix clippy warnings across all crates - All 153 tests pass
use crate::acl::AccessControlList;
use anyhow::Result;
/// Login and permission gate backed by an [`AccessControlList`].
///
/// NOTE(review): no method here compares a supplied password against a stored
/// credential. Unless verification happens in a caller not visible in this
/// file, `authenticate` is a presence check, not an authentication step.
pub struct AuthManager {
    // ACL consulted by every check; swapped wholesale by `update_acl`.
    acl: AccessControlList,
}

impl AuthManager {
    /// Builds a manager around the given ACL.
    pub fn new(acl: AccessControlList) -> Self {
        Self { acl }
    }

    /// Decides whether a login attempt for `username` is accepted.
    ///
    /// Returns `Ok(true)` when accepted; this function never returns `Ok(false)`.
    ///
    /// # Errors
    ///
    /// * no password was supplied and the ACL's `guest_access` flag is off;
    /// * a password was supplied but `get_user(username)` finds no entry.
    ///
    /// NOTE(review): the password's *value* is never read, only whether it is
    /// present. Any password is accepted for any user found in the ACL.
    ///
    /// NOTE(review): the guest path returns before `username` is looked at, so
    /// a password-less login succeeds for every name, including names that
    /// have an ACL entry. If callers later pass that same name to
    /// `check_permission`, the guest would be evaluated as that user; confirm
    /// that guests are mapped to a dedicated identity upstream.
    ///
    /// NOTE(review): the two error texts tell "unknown user" apart from
    /// "password missing". If they are relayed to the remote peer they reveal
    /// which usernames exist; a single generic failure is safer on the wire.
    pub fn authenticate(&self, username: &str, password: Option<&str>) -> Result<bool> {
        // Password-less attempts: allowed only when guest access is enabled.
        if password.is_none() {
            if self.acl.guest_access {
                return Ok(true);
            }
            return Err(anyhow::anyhow!("Password required for user {}", username));
        }

        // A password is present from here on, but only ACL membership is checked.
        let unknown_user = self.acl.get_user(username).is_none();
        if unknown_user {
            return Err(anyhow::anyhow!("User {} not in ACL", username));
        }

        Ok(true)
    }

    /// Checks whether `username` may perform `action`.
    ///
    /// `action` is mapped to a single "needs write" flag, which is handed to
    /// the ACL's `has_access`. Returns `Ok(true)` when access is granted and
    /// never returns `Ok(false)`.
    ///
    /// # Errors
    ///
    /// Fails when `has_access` refuses the request.
    ///
    /// NOTE(review): only the exact strings `"write"`, `"delete"` and
    /// `"create"` demand write access. Every other value, including a
    /// differently-cased or unrecognised action, is checked as read-only.
    /// That default is fail-open; an enum of actions, or treating unknown
    /// actions as write-level, would close it.
    pub fn check_permission(&self, username: &str, action: &str) -> Result<bool> {
        let require_write = matches!(action, "write" | "delete" | "create");

        if self.acl.has_access(username, require_write) {
            return Ok(true);
        }

        Err(anyhow::anyhow!(
            "User {} does not have {} permission",
            username,
            action
        ))
    }

    /// Borrows the ACL currently in force.
    pub fn get_acl(&self) -> &AccessControlList {
        &self.acl
    }

    /// Replaces the ACL in force with `acl`; the previous one is dropped.
    pub fn update_acl(&mut self, acl: AccessControlList) {
        self.acl = acl;
    }
}