markbase/markbase-smb/src/acl.rs

use serde::{Deserialize, Serialize};

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct UserPermission {
    pub username: String,
    pub read_access: bool,
    pub write_access: bool,
    pub admin_access: bool,
}

impl Default for UserPermission {
    fn default() -> Self {
        UserPermission {
            username: "accusys".to_string(),
            read_access: true,
            write_access: true,
            admin_access: false,
        }
    }
}

impl UserPermission {
    pub fn new(username: String, read: bool, write: bool, admin: bool) -> Self {
        UserPermission {
            username,
            read_access: read,
            write_access: write,
            admin_access: admin,
        }
    }

    pub fn readonly(username: String) -> Self {
        UserPermission::new(username, true, false, false)
    }

    pub fn full_access(username: String) -> Self {
        UserPermission::new(username, true, true, false)
    }

    pub fn admin(username: String) -> Self {
        UserPermission::new(username, true, true, true)
    }
}

#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct AccessControlList {
    pub users: Vec<UserPermission>,
    pub guest_access: bool,
    pub max_connections: u32,
}

impl AccessControlList {
    pub fn new() -> Self {
        AccessControlList {
            users: vec![UserPermission::default()],
            guest_access: false,
            max_connections: 10,
        }
    }

    pub fn add_user(&mut self, permission: UserPermission) {
        if let Some(existing) = self
            .users
            .iter_mut()
            .find(|u| u.username == permission.username)
        {
            *existing = permission;
        } else {
            self.users.push(permission);
        }
    }

    pub fn remove_user(&mut self, username: &str) {
        self.users.retain(|u| u.username != username);
    }

    pub fn get_user(&self, username: &str) -> Option<&UserPermission> {
        self.users.iter().find(|u| u.username == username)
    }

    pub fn has_access(&self, username: &str, require_write: bool) -> bool {
        if self.guest_access && !require_write {
            return true;
        }

        self.get_user(username)
            .map(|u| {
                if require_write {
                    u.write_access
                } else {
                    u.read_access
                }
            })
            .unwrap_or(false)
    }
}