Plume/src/api/authorization.rs

use rocket::{
    Outcome,
    http::Status,
    request::{self, FromRequest, Request}
};
use std::marker::PhantomData;
use plume_models::{self, api_tokens::ApiToken};

// Actions
pub trait Action {
    fn to_str() -> &'static str;
}
pub struct Read;
impl Action for Read {
    fn to_str() -> &'static str {
        "read"
    }
}
pub struct Write;
impl Action for Write {
    fn to_str() -> &'static str {
        "write"
    }
}

// Scopes
pub trait Scope {
    fn to_str() -> &'static str;
}
impl Scope for plume_models::posts::Post {
    fn to_str() -> &'static str {
        "posts"
    }
}

pub struct Authorization<A, S> (PhantomData<(A, S)>);

impl<'a, 'r, A, S> FromRequest<'a, 'r> for Authorization<A, S>
where A: Action,
      S: Scope
{
    type Error = ();

    fn from_request(request: &'a Request<'r>) -> request::Outcome<Authorization<A, S>, ()> {
        request.guard::<ApiToken>()
            .map_failure(|_| (Status::Unauthorized, ()))
            .and_then(|token| if token.can(A::to_str(), S::to_str()) {
                Outcome::Success(Authorization(PhantomData))
            } else {
                Outcome::Failure((Status::Unauthorized, ()))
            })
    }
}
New request guard: Authorization<Action, Scope> Filter requests that don't have an API token authorized to read or write a specific scope; 2018-10-23 11:37:24 +02:00			`use rocket::{`
			`Outcome,`
			`http::Status,`
			`request::{self, FromRequest, Request}`
			`};`
Use PhantomData intead of two Options useless for Authorization And remove some warnings about unused parameters 2018-10-24 13:21:42 +02:00			`use std::marker::PhantomData;`
New request guard: Authorization<Action, Scope> Filter requests that don't have an API token authorized to read or write a specific scope; 2018-10-23 11:37:24 +02:00			`use plume_models::{self, api_tokens::ApiToken};`

			`// Actions`
			`pub trait Action {`
			`fn to_str() -> &'static str;`
			`}`
			`pub struct Read;`
			`impl Action for Read {`
			`fn to_str() -> &'static str {`
			`"read"`
			`}`
			`}`
			`pub struct Write;`
			`impl Action for Write {`
			`fn to_str() -> &'static str {`
			`"write"`
			`}`
			`}`

			`// Scopes`
			`pub trait Scope {`
			`fn to_str() -> &'static str;`
			`}`
			`impl Scope for plume_models::posts::Post {`
			`fn to_str() -> &'static str {`
			`"posts"`
			`}`
			`}`

Use PhantomData intead of two Options useless for Authorization And remove some warnings about unused parameters 2018-10-24 13:21:42 +02:00			`pub struct Authorization<A, S> (PhantomData<(A, S)>);`
New request guard: Authorization<Action, Scope> Filter requests that don't have an API token authorized to read or write a specific scope; 2018-10-23 11:37:24 +02:00
			`impl<'a, 'r, A, S> FromRequest<'a, 'r> for Authorization<A, S>`
			`where A: Action,`
			`S: Scope`
			`{`
			`type Error = ();`

			`fn from_request(request: &'a Request<'r>) -> request::Outcome<Authorization<A, S>, ()> {`
			`request.guard::<ApiToken>()`
			`.map_failure(\|_\| (Status::Unauthorized, ()))`
			`.and_then(\|token\| if token.can(A::to_str(), S::to_str()) {`
Use PhantomData intead of two Options useless for Authorization And remove some warnings about unused parameters 2018-10-24 13:21:42 +02:00			`Outcome::Success(Authorization(PhantomData))`
New request guard: Authorization<Action, Scope> Filter requests that don't have an API token authorized to read or write a specific scope; 2018-10-23 11:37:24 +02:00			`} else {`
			`Outcome::Failure((Status::Unauthorized, ()))`
			`})`
			`}`
			`}`