New request guard: Authorization<Action, Scope>

Filter requests that don't have an API token authorized to read or write
a specific scope;
This commit is contained in:
Baptiste Gelez
2018-10-23 10:37:24 +01:00
parent cd4ae5b7f5
commit 31641b1ea1
4 changed files with 68 additions and 21 deletions
+1 -1
View File
@@ -44,7 +44,7 @@ impl ApiToken {
insert!(api_tokens, NewApiToken);
find_by!(api_tokens, find_by_value, value as String);
fn can(&self, what: &'static str, scope: &'static str) -> bool {
pub fn can(&self, what: &'static str, scope: &'static str) -> bool {
let full_scope = what.to_owned() + ":" + scope;
for s in self.scopes.split('+') {
if s == what || s == full_scope {