From 9f5ed697476a6ff16f609bd141a603548b016ab1 Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Thu, 3 Aug 2023 15:22:42 +0530 Subject: [PATCH 1/2] Make tag in reader role optional --- server/src/handlers/http/query.rs | 2 +- server/src/rbac/role.rs | 13 +++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/server/src/handlers/http/query.rs b/server/src/handlers/http/query.rs index 22a4c7fcc..eac411028 100644 --- a/server/src/handlers/http/query.rs +++ b/server/src/handlers/http/query.rs @@ -89,7 +89,7 @@ impl FromRequest for Query { match permission { Permission::Stream(Action::All, _) => authorized = true, Permission::StreamWithTag(Action::Query, stream, tag) - if stream == query.stream_name => + if stream == query.stream_name || stream == "*" => { authorized = true; if let Some(tag) = tag { diff --git a/server/src/rbac/role.rs b/server/src/rbac/role.rs index 62cb3320f..3849662ba 100644 --- a/server/src/rbac/role.rs +++ b/server/src/rbac/role.rs @@ -110,7 +110,7 @@ pub mod model { Admin, Editor, Writer { stream: String }, - Reader { stream: String, tag: String }, + Reader { stream: String, tag: Option }, } impl From<&DefaultPrivilege> for RoleBuilder { @@ -121,9 +121,14 @@ pub mod model { DefaultPrivilege::Writer { stream } => { writer_perm_builder().with_stream(stream.to_owned()) } - DefaultPrivilege::Reader { stream, tag } => reader_perm_builder() - .with_stream(stream.to_owned()) - .with_tag(tag.to_owned()), + DefaultPrivilege::Reader { stream, tag } => { + let mut reader = reader_perm_builder() + .with_stream(stream.to_owned()); + if let Some(tag) = tag { + reader = reader.with_tag(tag.to_owned()) + } + reader + }, } } } From bf5ae441504c29b129f745c967058e547e9341ca Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Thu, 3 Aug 2023 15:37:30 +0530 Subject: [PATCH 2/2] Cargo fmt --- server/src/rbac/role.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/server/src/rbac/role.rs b/server/src/rbac/role.rs index 3849662ba..ab793de80 100644 --- a/server/src/rbac/role.rs +++ b/server/src/rbac/role.rs @@ -122,13 +122,12 @@ pub mod model { writer_perm_builder().with_stream(stream.to_owned()) } DefaultPrivilege::Reader { stream, tag } => { - let mut reader = reader_perm_builder() - .with_stream(stream.to_owned()); + let mut reader = reader_perm_builder().with_stream(stream.to_owned()); if let Some(tag) = tag { reader = reader.with_tag(tag.to_owned()) } reader - }, + } } } }