1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

use crate::permissions::{AuthDetails, PermissionsCheck};
use actix_web::guard::{Guard, GuardContext};

/// Implementation of Guard trait for validate permissions
/// ```
/// use actix_web::dev::ServiceRequest;
/// use actix_web::{web, App, Error, HttpResponse, HttpServer};
///
/// use actix_web_grants::{GrantsMiddleware, PermissionGuard};
/// use std::sync::Arc;
///
/// fn main() {
///     HttpServer::new(|| {
///         App::new()
///             .wrap(GrantsMiddleware::with_extractor(extract))
///             .service(web::resource("/admin")
///                     .to(|| async { HttpResponse::Ok().finish() })
///                     .guard(PermissionGuard::new("ROLE_ADMIN".to_string())))
///     });
/// }
///
/// async fn extract(_req: &ServiceRequest) -> Result<Vec<String>, Error> {
///    // Here is a place for your code to get user permissions/grants/permissions from a request
///    // For example from a token or database
///
///    // Stub example
///    Ok(vec!["ROLE_ADMIN".to_string()])
/// }
/// ```
pub struct PermissionGuard<Type> {
    allow_permission: Type,
}

impl<Type: PartialEq + Clone + 'static> PermissionGuard<Type> {
    pub fn new(allow_permission: Type) -> PermissionGuard<Type> {
        PermissionGuard { allow_permission }
    }
}

impl<Type: PartialEq + Clone + 'static> Guard for PermissionGuard<Type> {
    fn check(&self, request: &GuardContext) -> bool {
        request
            .req_data()
            .get::<AuthDetails<Type>>()
            .filter(|details| details.has_permission(&self.allow_permission))
            .is_some()
    }
}