diff --git a/Cargo.lock b/Cargo.lock index 3965d74..11b2b28 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -887,6 +887,7 @@ name = "cosmian_rest_client" version = "0.1.0" dependencies = [ "base64 0.21.7", + "clap", "der", "faker_rand", "pem", diff --git a/crate/cli/src/actions/permissions.rs b/crate/cli/src/actions/permissions.rs index 2ca83f9..d617a3c 100644 --- a/crate/cli/src/actions/permissions.rs +++ b/crate/cli/src/actions/permissions.rs @@ -1,21 +1,21 @@ use clap::Parser; -use cosmian_rest_client::RestClient; +use cosmian_rest_client::{Permission, RestClient}; use crate::{ actions::console, error::result::{CliResult, CliResultHelper}, }; -/// Manage the users' access rights to the indexes +/// Manage the users permissions to the indexes #[derive(Parser, Debug)] -pub enum AccessAction { - Create(CreateAccess), - Grant(GrantAccess), - Revoke(RevokeAccess), +pub enum PermissionsAction { + Create(CreateIndex), + Grant(GrantPermission), + Revoke(RevokePermission), } -impl AccessAction { - /// Processes the access action. +impl PermissionsAction { + /// Processes the permissions action. /// /// # Arguments /// @@ -35,11 +35,13 @@ impl AccessAction { } } -/// Create a new access right. +/// Create a new index. It results on an `admin` permission on a new index. +/// +/// Users can have 1 permission on multiple indexes #[derive(Parser, Debug)] -pub struct CreateAccess; +pub struct CreateIndex; -impl CreateAccess { +impl CreateIndex { /// Create a new Index with a default `admin` permission. /// /// Generates an unique index ID which is returned to the owner. @@ -57,9 +59,9 @@ impl CreateAccess { /// Returns an error if the query execution on the Findex server fails. pub async fn run(&self, rest_client: RestClient) -> CliResult { let response = rest_client - .create_access() + .create_index_id() .await - .with_context(|| "Can't execute the create access query on the findex server")?; + .with_context(|| "Can't execute the create index id query on the findex server")?; // should replace the user configuration file console::Stdout::new(&response.success).write()?; @@ -67,15 +69,15 @@ impl CreateAccess { } } -/// Grant access. +/// Grant permission on a index. /// /// This command can only be called by the owner of the index. It allows to /// grant: -/// * `reader` access: the user can only read the index -/// * `writer` access: the user can read and write the index -/// * `admin` access: the user can read, write and grant access to the index +/// * `read` permission: the user can only read the index +/// * `write` permission: the user can read and write the index +/// * `admin` permission: the user can read, write and grant permission to the index #[derive(Parser, Debug)] -pub struct GrantAccess { +pub struct GrantPermission { /// The user identifier to allow #[clap(long, required = true)] pub user: String, @@ -84,13 +86,12 @@ pub struct GrantAccess { #[clap(long, required = true)] pub index_id: String, - /// The permission to grant (`reader`, `writer`, `admin`) #[clap(long, required = true)] - pub permission: String, + pub permission: Permission, } -impl GrantAccess { - /// Runs the `GrantAccess` action. +impl GrantPermission { + /// Runs the `GrantPermission` action. /// /// # Arguments /// @@ -102,9 +103,9 @@ impl GrantAccess { /// Returns an error if the query execution on the Findex server fails. pub async fn run(&self, rest_client: RestClient) -> CliResult { let response = rest_client - .grant_access(&self.user, &self.permission, &self.index_id) + .grant_permission(&self.user, &self.permission, &self.index_id) .await - .with_context(|| "Can't execute the grant access query on the findex server")?; + .with_context(|| "Can't execute the grant permission query on the findex server")?; console::Stdout::new(&response.success).write()?; @@ -112,11 +113,11 @@ impl GrantAccess { } } -/// Revoke user access. +/// Revoke user permission. /// /// This command can only be called by the owner of the index. #[derive(Parser, Debug)] -pub struct RevokeAccess { +pub struct RevokePermission { /// The user identifier to revoke #[clap(long, required = true)] pub user: String, @@ -126,8 +127,8 @@ pub struct RevokeAccess { pub index_id: String, } -impl RevokeAccess { - /// Runs the `RevokeAccess` action. +impl RevokePermission { + /// Runs the `RevokePermission` action. /// /// # Arguments /// @@ -139,9 +140,9 @@ impl RevokeAccess { /// Returns an error if the query execution on the Findex server fails. pub async fn run(&self, rest_client: RestClient) -> CliResult { let response = rest_client - .revoke_access(&self.user, &self.index_id) + .revoke_permission(&self.user, &self.index_id) .await - .with_context(|| "Can't execute the revoke access query on the findex server")?; + .with_context(|| "Can't execute the revoke permission query on the findex server")?; console::Stdout::new(&response.success).write()?; diff --git a/crate/cli/src/error/mod.rs b/crate/cli/src/error/mod.rs index 038ccec..4ef3405 100644 --- a/crate/cli/src/error/mod.rs +++ b/crate/cli/src/error/mod.rs @@ -41,7 +41,7 @@ pub enum CliError { ServerError(String), // Any actions of the user which is not allowed - #[error("Access denied: {0}")] + #[error("Permission denied: {0}")] Unauthorized(String), // A cryptographic error diff --git a/crate/cli/src/main.rs b/crate/cli/src/main.rs index a20db72..878f67f 100644 --- a/crate/cli/src/main.rs +++ b/crate/cli/src/main.rs @@ -7,7 +7,7 @@ use cosmian_findex_cli::{ login::LoginAction, logout::LogoutAction, markdown::MarkdownAction, - permissions::AccessAction, + permissions::PermissionsAction, version::ServerVersionAction, }, error::result::CliResult, @@ -51,7 +51,7 @@ enum CliCommands { Login(LoginAction), Logout(LogoutAction), #[command(subcommand)] - AccessRights(AccessAction), + Permissions(PermissionsAction), /// Action to auto-generate doc in Markdown format /// Run `cargo run --bin findex -- markdown @@ -95,7 +95,7 @@ async fn main_() -> CliResult<()> { CliCommands::Delete(action) => action.delete(rest_client).await?, CliCommands::Search(action) => action.process(rest_client).await?, CliCommands::ServerVersion(action) => action.process(rest_client).await?, - CliCommands::AccessRights(action) => action.process(rest_client).await?, + CliCommands::Permissions(action) => action.process(rest_client).await?, _ => { tracing::error!("unexpected command"); } diff --git a/crate/cli/src/tests/findex/mod.rs b/crate/cli/src/tests/findex/mod.rs index 1a815f1..79df008 100644 --- a/crate/cli/src/tests/findex/mod.rs +++ b/crate/cli/src/tests/findex/mod.rs @@ -1,5 +1,6 @@ use add_or_delete::add_or_delete_cmd; use cosmian_logger::log_utils::log_init; +use cosmian_rest_client::Permission; use search::search_cmd; use test_findex_server::{ start_default_test_findex_server, start_default_test_findex_server_with_cert_auth, @@ -10,10 +11,10 @@ use uuid::Uuid; use crate::{ actions::{ findex::{add_or_delete::AddOrDeleteAction, search::SearchAction, FindexParameters}, - permissions::{GrantAccess, RevokeAccess}, + permissions::{GrantPermission, RevokePermission}, }, error::result::CliResult, - tests::permissions::{create_access_cmd, grant_access_cmd, revoke_access_cmd}, + tests::permissions::{create_index_id_cmd, grant_permission_cmd, revoke_permission_cmd}, }; pub(crate) mod add_or_delete; @@ -100,7 +101,7 @@ pub(crate) async fn test_findex_cert_auth() -> CliResult<()> { log_init(None); let ctx = start_default_test_findex_server_with_cert_auth().await; - let index_id = create_access_cmd(&ctx.owner_client_conf_path)?; + let index_id = create_index_id_cmd(&ctx.owner_client_conf_path)?; trace!("index_id: {index_id}"); add_search_delete(&ctx.owner_client_conf_path, &index_id)?; @@ -109,23 +110,22 @@ pub(crate) async fn test_findex_cert_auth() -> CliResult<()> { #[allow(clippy::panic_in_result_fn, clippy::unwrap_used)] #[tokio::test] -pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> { +pub(crate) async fn test_findex_grant_read_permission() -> CliResult<()> { log_init(None); let ctx = start_default_test_findex_server_with_cert_auth().await; - let index_id = create_access_cmd(&ctx.owner_client_conf_path)?; + let index_id = create_index_id_cmd(&ctx.owner_client_conf_path)?; trace!("index_id: {index_id}"); add(&ctx.owner_client_conf_path, &index_id)?; - // Grant read access to the client - grant_access_cmd( + // Grant read permission to the client + grant_permission_cmd( &ctx.owner_client_conf_path, - GrantAccess { + GrantPermission { user: "user.client@acme.com".to_owned(), index_id: index_id.clone(), - permission: "reader".to_owned(), /* todo(manu): use a mutual struct between server and - * client */ + permission: Permission::Read, }, )?; @@ -137,13 +137,13 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> { // ... but not write assert!(add(&ctx.user_client_conf_path, &index_id).is_err()); - // Grant write access - grant_access_cmd( + // Grant write permission + grant_permission_cmd( &ctx.owner_client_conf_path, - GrantAccess { + GrantPermission { user: "user.client@acme.com".to_owned(), index_id: index_id.clone(), - permission: "writer".to_owned(), + permission: Permission::Write, }, )?; @@ -155,20 +155,20 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> { // ... and write add(&ctx.user_client_conf_path, &index_id)?; - // Try to escalade privileges from `reader` to `admin` - grant_access_cmd( + // Try to escalade privileges from `read` to `admin` + grant_permission_cmd( &ctx.user_client_conf_path, - GrantAccess { + GrantPermission { user: "user.client@acme.com".to_owned(), index_id: index_id.clone(), - permission: "admin".to_owned(), + permission: Permission::Admin, }, ) .unwrap_err(); - revoke_access_cmd( + revoke_permission_cmd( &ctx.owner_client_conf_path, - RevokeAccess { + RevokePermission { user: "user.client@acme.com".to_owned(), index_id: index_id.clone(), }, @@ -181,7 +181,7 @@ pub(crate) async fn test_findex_grant_read_access() -> CliResult<()> { #[allow(clippy::panic_in_result_fn)] #[tokio::test] -pub(crate) async fn test_findex_no_access() -> CliResult<()> { +pub(crate) async fn test_findex_no_permission() -> CliResult<()> { log_init(None); let ctx = start_default_test_findex_server_with_cert_auth().await; diff --git a/crate/cli/src/tests/permissions.rs b/crate/cli/src/tests/permissions.rs index efa85d8..f9b4d6d 100644 --- a/crate/cli/src/tests/permissions.rs +++ b/crate/cli/src/tests/permissions.rs @@ -6,7 +6,7 @@ use regex::{Regex, RegexBuilder}; use tracing::{debug, trace}; use crate::{ - actions::permissions::{GrantAccess, RevokeAccess}, + actions::permissions::{GrantPermission, RevokePermission}, error::{result::CliResult, CliError}, tests::{utils::recover_cmd_logs, PROG_NAME}, }; @@ -24,12 +24,12 @@ pub(crate) fn extract_uid<'a>(text: &'a str, pattern: &'a str) -> Option<&'a str .and_then(|cap| cap.name("uid").map(|uid| uid.as_str())) } -pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult { +pub(crate) fn create_index_id_cmd(cli_conf_path: &str) -> CliResult { let mut cmd = Command::cargo_bin(PROG_NAME)?; let args = vec!["create".to_owned()]; cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path); - cmd.arg("access-rights").args(args); + cmd.arg("permissions").args(args); debug!("cmd: {:?}", cmd); let output = recover_cmd_logs(&mut cmd); if output.status.success() { @@ -37,7 +37,7 @@ pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult { trace!("findex_output: {}", findex_output); let unique_identifier = extract_uid( findex_output, - "New admin access successfully created on index", + "New admin permission successfully created on index", ) .ok_or_else(|| CliError::Default("failed extracting the unique identifier".to_owned()))?; return Ok(unique_identifier.to_owned()); @@ -48,7 +48,10 @@ pub(crate) fn create_access_cmd(cli_conf_path: &str) -> CliResult { } #[allow(dead_code)] -pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliResult { +pub(crate) fn grant_permission_cmd( + cli_conf_path: &str, + action: GrantPermission, +) -> CliResult { let mut cmd = Command::cargo_bin(PROG_NAME)?; let args = vec![ "grant".to_owned(), @@ -57,11 +60,11 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR "--index-id".to_owned(), action.index_id, "--permission".to_owned(), - action.permission, + action.permission.to_string(), ]; cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path); - cmd.arg("access-rights").args(args); + cmd.arg("permissions").args(args); debug!("cmd: {:?}", cmd); let output = recover_cmd_logs(&mut cmd); if output.status.success() { @@ -74,7 +77,10 @@ pub(crate) fn grant_access_cmd(cli_conf_path: &str, action: GrantAccess) -> CliR } #[allow(dead_code)] -pub(crate) fn revoke_access_cmd(cli_conf_path: &str, action: RevokeAccess) -> CliResult { +pub(crate) fn revoke_permission_cmd( + cli_conf_path: &str, + action: RevokePermission, +) -> CliResult { let mut cmd = Command::cargo_bin(PROG_NAME)?; let args = vec![ "revoke".to_owned(), @@ -85,7 +91,7 @@ pub(crate) fn revoke_access_cmd(cli_conf_path: &str, action: RevokeAccess) -> Cl ]; cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path); - cmd.arg("access-rights").args(args); + cmd.arg("permissions").args(args); debug!("cmd: {:?}", cmd); let output = recover_cmd_logs(&mut cmd); if output.status.success() { diff --git a/crate/client/Cargo.toml b/crate/client/Cargo.toml index 7cc6eca..0fe58ef 100644 --- a/crate/client/Cargo.toml +++ b/crate/client/Cargo.toml @@ -16,6 +16,7 @@ doctest = false [dependencies] base64 = { workspace = true } +clap = { workspace = true } der = { workspace = true } pem = { workspace = true } reqwest = { workspace = true, features = ["default", "json", "native-tls"] } diff --git a/crate/client/src/lib.rs b/crate/client/src/lib.rs index aa289a4..56ebea0 100644 --- a/crate/client/src/lib.rs +++ b/crate/client/src/lib.rs @@ -54,11 +54,13 @@ pub use error::ClientError; pub use file_utils::{ read_bytes_from_file, read_from_json_file, write_bytes_to_file, write_json_object_to_file, }; +pub use permission::Permission; pub use rest_client::RestClient; pub use result::{ClientResultHelper, RestClientResult}; mod config; mod error; mod file_utils; +mod permission; mod rest_client; mod result; diff --git a/crate/client/src/permission.rs b/crate/client/src/permission.rs new file mode 100644 index 0000000..e1b3f73 --- /dev/null +++ b/crate/client/src/permission.rs @@ -0,0 +1,21 @@ +use std::fmt::Display; + +use clap::ValueEnum; + +#[derive(Clone, Debug, ValueEnum)] +pub enum Permission { + Read = 0, + Write = 1, + Admin = 2, +} + +impl Display for Permission { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + let s = match self { + Self::Read => "read", + Self::Write => "write", + Self::Admin => "admin", + }; + write!(f, "{s}") + } +} diff --git a/crate/client/src/rest_client.rs b/crate/client/src/rest_client.rs index b8056c2..9f8da74 100644 --- a/crate/client/src/rest_client.rs +++ b/crate/client/src/rest_client.rs @@ -14,7 +14,7 @@ use tracing::{instrument, trace}; use crate::{ error::{result::ClientResult, ClientError}, - ClientResultHelper, + ClientResultHelper, Permission, }; #[derive(Clone)] @@ -97,10 +97,10 @@ impl RestClient { } #[instrument(ret(Display), err, skip(self))] - pub async fn create_access(&self) -> ClientResult { - let endpoint = "/access/create".to_owned(); + pub async fn create_index_id(&self) -> ClientResult { + let endpoint = "/create/index".to_owned(); let server_url = format!("{}{endpoint}", self.server_url); - trace!("POST create_access: {server_url}"); + trace!("POST create_index_id: {server_url}"); let response = self.client.post(server_url).send().await?; trace!("Response: {response:?}"); let status_code = response.status(); @@ -114,15 +114,15 @@ impl RestClient { } #[instrument(ret(Display), err, skip(self))] - pub async fn grant_access( + pub async fn grant_permission( &self, user_id: &str, - permission: &str, + permission: &Permission, index_id: &str, ) -> ClientResult { - let endpoint = format!("/access/grant/{user_id}/{permission}/{index_id}"); + let endpoint = format!("/permission/grant/{user_id}/{permission}/{index_id}"); let server_url = format!("{}{endpoint}", self.server_url); - trace!("POST grant_access: {server_url}"); + trace!("POST grant_permission: {server_url}"); let response = self.client.post(server_url).send().await?; let status_code = response.status(); if status_code.is_success() { @@ -135,14 +135,14 @@ impl RestClient { } #[instrument(ret(Display), err, skip(self))] - pub async fn revoke_access( + pub async fn revoke_permission( &self, user_id: &str, index_id: &str, ) -> ClientResult { - let endpoint = format!("/access/revoke/{user_id}/{index_id}"); + let endpoint = format!("/permission/revoke/{user_id}/{index_id}"); let server_url = format!("{}{endpoint}", self.server_url); - trace!("POST revoke_access: {server_url}"); + trace!("POST revoke_permission: {server_url}"); let response = self.client.post(server_url).send().await?; let status_code = response.status(); if status_code.is_success() { diff --git a/crate/server/src/core/permissions.rs b/crate/server/src/core/permissions.rs index 4d4bb4c..a955970 100644 --- a/crate/server/src/core/permissions.rs +++ b/crate/server/src/core/permissions.rs @@ -38,8 +38,8 @@ impl FromStr for Permission { fn from_str(s: &str) -> FResult { match s { - "reader" => Ok(Self::Read), - "writer" => Ok(Self::Write), + "read" => Ok(Self::Read), + "write" => Ok(Self::Write), "admin" => Ok(Self::Admin), _ => findex_server_bail!("Invalid permission: {}", s), } @@ -49,8 +49,8 @@ impl FromStr for Permission { impl Display for Permission { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { let s = match self { - Self::Read => "reader", - Self::Write => "writer", + Self::Read => "read", + Self::Write => "write", Self::Admin => "admin", }; write!(f, "{s}") diff --git a/crate/server/src/database/redis.rs b/crate/server/src/database/redis.rs index 5f2afed..fe744a5 100644 --- a/crate/server/src/database/redis.rs +++ b/crate/server/src/database/redis.rs @@ -258,7 +258,7 @@ impl Database for Redis { let uuid = Uuid::new_v4(); let key = user_id.as_bytes().to_vec(); let permissions = (self.get_permissions(user_id).await).map_or_else( - |_| Permissions::new(uuid, Permission::Admin), + |_error| Permissions::new(uuid, Permission::Admin), |mut permissions| { permissions.grant_permission(uuid, Permission::Admin); permissions @@ -276,7 +276,7 @@ impl Database for Redis { trace!("get_permissions: value: {:?}", value); let serialized_value = value.ok_or_else(|| { FindexServerError::Unauthorized(format!( - "No access for {user_id} since unwrapping serialized value failed" + "No permission for {user_id} since unwrapping serialized value failed" )) })?; Permissions::deserialize(&serialized_value) @@ -287,7 +287,9 @@ impl Database for Redis { async fn get_permission(&self, user_id: &str, index_id: &Uuid) -> FResult { let permissions = self.get_permissions(user_id).await?; let permission = permissions.get_permission(index_id).ok_or_else(|| { - FindexServerError::Unauthorized(format!("No access for {user_id} on index {index_id}")) + FindexServerError::Unauthorized(format!( + "No permission for {user_id} on index {index_id}" + )) })?; Ok(permission) diff --git a/crate/server/src/error/server.rs b/crate/server/src/error/server.rs index a42ff42..a772f13 100644 --- a/crate/server/src/error/server.rs +++ b/crate/server/src/error/server.rs @@ -33,7 +33,7 @@ pub enum FindexServerError { ClientConnectionError(String), // Any actions of the user which is not allowed - #[error("Access denied: {0}")] + #[error("Permission denied: {0}")] Unauthorized(String), // A failure originating from one of the cryptographic algorithms diff --git a/crate/server/src/findex_server.rs b/crate/server/src/findex_server.rs index 6565703..371e893 100644 --- a/crate/server/src/findex_server.rs +++ b/crate/server/src/findex_server.rs @@ -21,8 +21,8 @@ use crate::{ findex_server_bail, middlewares::{extract_peer_certificate, AuthTransformer, JwksManager, JwtConfig, SslAuth}, routes::{ - create_access, delete_chains, delete_entries, dump_tokens, fetch_chains, fetch_entries, - get_version, grant_access, insert_chains, revoke_access, upsert_entries, + create_index_id, delete_chains, delete_entries, dump_tokens, fetch_chains, fetch_entries, + get_version, grant_permission, insert_chains, revoke_permission, upsert_entries, }, }; @@ -255,10 +255,10 @@ pub(crate) async fn prepare_findex_server( .service(delete_entries) .service(delete_chains) .service(dump_tokens) - // Access rights endpoints - .service(create_access) - .service(grant_access) - .service(revoke_access) + // Permissions management endpoints + .service(create_index_id) + .service(grant_permission) + .service(revoke_permission) // Version endpoint .service(get_version); diff --git a/crate/server/src/routes/mod.rs b/crate/server/src/routes/mod.rs index cf6fb7d..7a648e6 100644 --- a/crate/server/src/routes/mod.rs +++ b/crate/server/src/routes/mod.rs @@ -8,6 +8,6 @@ pub(crate) use findex::{ delete_chains, delete_entries, dump_tokens, fetch_chains, fetch_entries, insert_chains, upsert_entries, }; -pub(crate) use permissions::{create_access, grant_access, revoke_access}; +pub(crate) use permissions::{create_index_id, grant_permission, revoke_permission}; pub(crate) use utils::get_index_id; pub(crate) use version::get_version; diff --git a/crate/server/src/routes/permissions.rs b/crate/server/src/routes/permissions.rs index af54852..a004a7c 100644 --- a/crate/server/src/routes/permissions.rs +++ b/crate/server/src/routes/permissions.rs @@ -19,38 +19,38 @@ struct SuccessResponse { pub success: String, } -#[post("/access/create")] -pub(crate) async fn create_access( +#[post("/create/index")] +pub(crate) async fn create_index_id( req: HttpRequest, findex_server: Data>, ) -> FResult> { let user = findex_server.get_user(&req); - info!("user {user}: POST /access/create"); + info!("user {user}: POST /permission/create"); - // Check if the user has the right to grant access: only admins can do that + // Check if the user has the right to grant permission: only admins can do that let index_id = findex_server.db.create_index_id(&user).await?; Ok(Json(SuccessResponse { - success: format!("[{user}] New admin access successfully created on index: {index_id}"), + success: format!("[{user}] New admin permission successfully created on index: {index_id}"), })) } -#[post("/access/grant/{user_id}/{permission}/{index_id}")] -pub(crate) async fn grant_access( +#[post("/permission/grant/{user_id}/{permission}/{index_id}")] +pub(crate) async fn grant_permission( req: HttpRequest, params: web::Path<(String, String, String)>, findex_server: Data>, ) -> FResult> { let user = findex_server.get_user(&req); let (user_id, permission, index_id) = params.into_inner(); - info!("user {user}: POST /access/grant/{user_id}/{permission}/{index_id}"); + info!("user {user}: POST /permission/grant/{user_id}/{permission}/{index_id}"); - // Check if the user has the right to grant access: only admins can do that + // Check if the user has the right to grant permission: only admins can do that let user_permission = findex_server.get_permission(&user, &index_id).await?; if Permission::Admin != user_permission { return Err(FindexServerError::Unauthorized(format!( - "Delegating access to an index requires an admin permission. User {user} with \ - permission {user_permission} does not allow granting access to index {index_id} with \ + "Delegating permission to an index requires an admin permission. User {user} with \ + permission {user_permission} does not allow granting permission to index {index_id} with \ permission {permission}", ))); } @@ -65,26 +65,28 @@ pub(crate) async fn grant_access( .await?; Ok(Json(SuccessResponse { - success: format!("[{user_id}] Access {permission} on index {index_id} successfully added"), + success: format!( + "[{user_id}] permission {permission} on index {index_id} successfully added" + ), })) } -#[post("/access/revoke/{user_id}/{index_id}")] -pub(crate) async fn revoke_access( +#[post("/permission/revoke/{user_id}/{index_id}")] +pub(crate) async fn revoke_permission( req: HttpRequest, params: web::Path<(String, String)>, findex_server: Data>, ) -> FResult> { let user = findex_server.get_user(&req); let (user_id, index_id) = params.into_inner(); - info!("user {user}: POST /access/revoke/{user_id}/{index_id}"); + info!("user {user}: POST /permission/revoke/{user_id}/{index_id}"); - // Check if the user has the right to revoke access: only admins can do that + // Check if the user has the right to revoke permission: only admins can do that let user_permission = findex_server.get_permission(&user, &index_id).await?; if Permission::Admin != user_permission { return Err(FindexServerError::Unauthorized(format!( - "Revoking access to an index requires an admin permission. User {user} with \ - permission {user_permission} does not allow revoking access to index {index_id}", + "Revoking permission to an index requires an admin permission. User {user} with \ + permission {user_permission} does not allow revoking permission to index {index_id}", ))); } @@ -94,6 +96,6 @@ pub(crate) async fn revoke_access( .await?; Ok(Json(SuccessResponse { - success: format!("Access for {user_id} on index {index_id} successfully added"), + success: format!("Permission for {user_id} on index {index_id} successfully added"), })) }