fix: permissions on datasets (add/del/get)

Cosmian · Nov 15, 2024 · 8f976c3 · 8f976c3
1 parent f8fea53
commit 8f976c3
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/crate/server/src/config/command_line/db.rs b/crate/server/src/config/command_line/db.rs
@@ -21,17 +21,15 @@ pub struct DBConfig {
     /// The database type of the Findex server
     /// - sqlite: `SQLite`. The data will be stored at the `sqlite_path`
     ///   directory
-    /// - redis-findex: a Redis database with encrypted data and encrypted
-    ///   indexes thanks to Findex. The Redis url must be provided, as well as
-    ///   the redis-master-password and the redis-findex-label
+    /// - redis: Redis database. The Redis url must be provided
     #[clap(long, env("FINDEX_SERVER_DATABASE_TYPE"), verbatim_doc_comment)]
     pub database_type: Option<DatabaseType>,
 
     /// The url of the database for findex-redis
     #[clap(
         long,
         env = "FINDEX_SERVER_DATABASE_URL",
-        required_if_eq_any([("database_type", "redis-findex")]),
+        required_if_eq_any([("database_type", "redis")]),
         default_value = "redis://localhost:6379"
     )]
     pub database_url: Option<String>,

diff --git a/crate/server/src/routes/datasets.rs b/crate/server/src/routes/datasets.rs
@@ -32,7 +32,7 @@ pub(crate) async fn datasets_add_entries(
 ) -> FResult<Json<SuccessResponse>> {
     let user = findex_server.get_user(&req);
     info!("user {user}: POST /datasets/{index_id}/add_entries");
-    check_permission(&user, &index_id, Permission::Read, &findex_server).await?;
+    check_permission(&user, &index_id, Permission::Write, &findex_server).await?;
 
     let encrypted_entries = EncryptedEntries::deserialize(&bytes.into_iter().collect::<Vec<_>>())?;
     trace!(
@@ -63,7 +63,7 @@ pub(crate) async fn datasets_del_entries(
 ) -> FResult<Json<SuccessResponse>> {
     let user = findex_server.get_user(&req);
     info!("user {user}: POST /datasets/{index_id}/delete_entries");
-    check_permission(&user, &index_id, Permission::Read, &findex_server).await?;
+    check_permission(&user, &index_id, Permission::Write, &findex_server).await?;
 
     let uuids = Uuids::deserialize(&bytes.into_iter().collect::<Vec<_>>())?;
     trace!("delete_entries: number of uuids: {}:", uuids.len());
@@ -89,7 +89,7 @@ pub(crate) async fn datasets_get_entries(
 ) -> ResponseBytes {
     let user = findex_server.get_user(&req);
     info!("user {user}: POST /datasets/{index_id}/get_entries",);
-    check_permission(&user, &index_id, Permission::Write, &findex_server).await?;
+    check_permission(&user, &index_id, Permission::Read, &findex_server).await?;
 
     let uuids = Uuids::deserialize(&bytes.into_iter().collect::<Vec<_>>())?;
     trace!("get_entries: number of uuids: {}:", uuids.len());

diff --git a/crate/structs/src/encrypted_entries.rs b/crate/structs/src/encrypted_entries.rs
@@ -8,7 +8,7 @@ use base64::{engine::general_purpose, Engine};
 use cloudproof_findex::reexport::cosmian_crypto_core::bytes_ser_de::{Deserializer, Serializer};
 use uuid::Uuid;
 
-use crate::error::result::StructsResult;
+use crate::{error::result::StructsResult, Uuids};
 
 pub(crate) const UUID_LENGTH: usize = 16;
 
@@ -84,6 +84,10 @@ impl EncryptedEntries {
         }
     }
 
+    pub fn get_uuids(&self) -> Uuids {
+        Uuids::from(self.entries.keys().cloned().collect::<Vec<_>>())
+    }
+
     pub fn serialize(&self) -> StructsResult<Vec<u8>> {
         let mut ser = Serializer::with_capacity(self.len());
         ser.write_leb128_u64(self.len() as u64)?;