server: statically enforce access control

2023-02-17 15:59:32 +01:00
parent 322bf26db5
commit c9997d4c17
18 changed files with 712 additions and 359 deletions
--- a/server/src/domain/sql_user_backend_handler.rs
+++ b/server/src/domain/sql_user_backend_handler.rs
@@ -1,6 +1,9 @@
-use super::{
+use crate::domain::{
    error::{DomainError, Result},
-    handler::{CreateUserRequest, UpdateUserRequest, UserBackendHandler, UserRequestFilter},
+    handler::{
+        CreateUserRequest, UpdateUserRequest, UserBackendHandler, UserListerBackendHandler,
+        UserRequestFilter,
+    },
    model::{self, GroupColumn, UserColumn},
    sql_backend_handler::SqlBackendHandler,
    types::{GroupDetails, GroupId, User, UserAndGroups, UserId, Uuid},
@@ -70,7 +73,7 @@ fn to_value(opt_name: &Option<String>) -> ActiveValue<Option<String>> {
 }

 #[async_trait]
-impl UserBackendHandler for SqlBackendHandler {
+impl UserListerBackendHandler for SqlBackendHandler {
    #[instrument(skip_all, level = "debug", ret, err)]
    async fn list_users(
        &self,
@@ -135,7 +138,10 @@ impl UserBackendHandler for SqlBackendHandler {
                .collect())
        }
    }
+}

+#[async_trait]
+impl UserBackendHandler for SqlBackendHandler {
    #[instrument(skip_all, level = "debug", ret)]
    async fn get_user_details(&self, user_id: &UserId) -> Result<User> {
        debug!(?user_id);