new backend #2

2024-11-21 10:42:49 +01:00 · 2023-05-01 02:28:17 +02:00 · 2023-05-01 02:28:17 +02:00 · 0b1af2771c
commit 0b1af2771c
parent 1b53e041e3
2 changed files with 12 additions and 5 deletions
--- a/src/grpc_service.rs
+++ b/src/grpc_service.rs
@ -51,10 +51,11 @@ impl RelationService for GraphService {
            return Err(Status::invalid_argument("dst.id must be set"));
        }

-        if !graph.has(
+        if !graph.has_recursive(
            ("themis_key", &*api_key),
            "write",
            ("themis_ns", &*req_dst.namespace),
+            u32::MAX,
        ) {
            return Err(Status::permission_denied(
                "missing dst.namespace write permissions",
@ -127,10 +128,11 @@ impl RelationService for GraphService {
            return Err(Status::invalid_argument("dst.id must be set"));
        }

-        if !graph.has(
+        if !graph.has_recursive(
            ("themis_key", &*api_key),
            "write",
            ("themis_ns", &*req_dst.namespace),
+            u32::MAX,
        ) {
            return Err(Status::permission_denied(
                "missing dst.namespace write permissions",
@ -198,10 +200,11 @@ impl RelationService for GraphService {
            return Err(Status::invalid_argument("dst.id must be set"));
        }

-        if !graph.has(
+        if !graph.has_recursive(
            ("themis_key", &*api_key),
            "read",
            ("themis_ns", &*req_dst.namespace),
+            u32::MAX,
        ) {
            return Err(Status::permission_denied(
                "missing dst.namespace write permissions",
@ -272,13 +275,14 @@ impl QueryService for GraphService {
            return Err(Status::invalid_argument("dst.id must be set"));
        }

-        if !graph.has(
+        if !graph.has_recursive(
            ("themis_key", &*api_key),
            "read",
            ("themis_ns", &*req_dst.namespace),
+            u32::MAX,
        ) {
            return Err(Status::permission_denied(
-                "missing dst.namespace write permissions",
+                "missing dst.namespace read permissions",
            ))?;
        }

--- a/src/relation_set.rs
+++ b/src/relation_set.rs
@ -224,6 +224,9 @@ impl RelationSet {
                .await
                .unwrap();
            for (rel, srcs) in rels_srcs.iter() {
+                if srcs.is_empty() {
+                    continue;
+                }
                let srcs = srcs
                    .iter()
                    .map(|src| {