pfzetto/rebacs
1
0
Fork 0
mirror of https://github.com/pfzetto/rebacs synced 2024-11-21 18:52:50 +01:00
Code Issues Projects Releases Packages Wiki Activity

new backend #2

Browse source
This commit is contained in:
Paul Zinselmeyer 2023-05-01 02:28:17 +02:00
parent 1b53e041e3
commit 0b1af2771c
Signed by: pfzetto
GPG key ID: 4EEF46A5B276E648
2 changed files with 12 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/grpc_service.rs
View file

@ -51,10 +51,11 @@ impl RelationService for GraphService {
return Err(Status::invalid_argument("dst.id must be set")); return Err(Status::invalid_argument("dst.id must be set"));
} }
if !graph.has( if !graph.has_recursive(
("themis_key", &*api_key), ("themis_key", &*api_key),
"write", "write",
("themis_ns", &*req_dst.namespace), ("themis_ns", &*req_dst.namespace),
u32::MAX,
) { ) {
return Err(Status::permission_denied( return Err(Status::permission_denied(
"missing dst.namespace write permissions", "missing dst.namespace write permissions",
@ -127,10 +128,11 @@ impl RelationService for GraphService {
return Err(Status::invalid_argument("dst.id must be set")); return Err(Status::invalid_argument("dst.id must be set"));
} }
if !graph.has( if !graph.has_recursive(
("themis_key", &*api_key), ("themis_key", &*api_key),
"write", "write",
("themis_ns", &*req_dst.namespace), ("themis_ns", &*req_dst.namespace),
u32::MAX,
) { ) {
return Err(Status::permission_denied( return Err(Status::permission_denied(
"missing dst.namespace write permissions", "missing dst.namespace write permissions",
@ -198,10 +200,11 @@ impl RelationService for GraphService {
return Err(Status::invalid_argument("dst.id must be set")); return Err(Status::invalid_argument("dst.id must be set"));
} }
if !graph.has( if !graph.has_recursive(
("themis_key", &*api_key), ("themis_key", &*api_key),
"read", "read",
("themis_ns", &*req_dst.namespace), ("themis_ns", &*req_dst.namespace),
u32::MAX,
) { ) {
return Err(Status::permission_denied( return Err(Status::permission_denied(
"missing dst.namespace write permissions", "missing dst.namespace write permissions",
@ -272,13 +275,14 @@ impl QueryService for GraphService {
return Err(Status::invalid_argument("dst.id must be set")); return Err(Status::invalid_argument("dst.id must be set"));
} }
if !graph.has( if !graph.has_recursive(
("themis_key", &*api_key), ("themis_key", &*api_key),
"read", "read",
("themis_ns", &*req_dst.namespace), ("themis_ns", &*req_dst.namespace),
u32::MAX,
) { ) {
return Err(Status::permission_denied( return Err(Status::permission_denied(
"missing dst.namespace write permissions", "missing dst.namespace read permissions",
))?; ))?;
} }

3
src/relation_set.rs
View file

@ -224,6 +224,9 @@ impl RelationSet {
.await .await
.unwrap(); .unwrap();
for (rel, srcs) in rels_srcs.iter() { for (rel, srcs) in rels_srcs.iter() {
if srcs.is_empty() {
continue;
}
let srcs = srcs let srcs = srcs
.iter() .iter()
.map(|src| { .map(|src| {