Skip to content

Commit

Permalink
Add storage permissions to UserDetail
Browse files Browse the repository at this point in the history
This extends the UserDetail trait with a storage_permissions
method that allow storage back-ends to limit what a user can
do.
  • Loading branch information
hannesdejager committed May 15, 2024
1 parent 0c03169 commit b71a2cb
Show file tree
Hide file tree
Showing 3 changed files with 36 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/auth/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -63,4 +63,4 @@ pub(crate) mod authenticator;
pub use authenticator::{AuthenticationError, Authenticator, ClientCert, Credentials};

mod user;
pub use user::{DefaultUser, UserDetail};
pub use user::{DefaultUser, StoragePermissions, UserDetail};
34 changes: 34 additions & 0 deletions src/auth/user.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
use bitflags::bitflags;
use std::{
fmt::{self, Debug, Display, Formatter},
path::Path,
Expand Down Expand Up @@ -27,6 +28,39 @@ pub trait UserDetail: Send + Sync + Display + Debug {
fn home(&self) -> Option<&Path> {
None
}

/// Tells what the user is authorised to do in terms of FTP filesystem operations.
///
/// The default implementation gives all permissions.
fn storage_permissions(&self) -> StoragePermissions {
StoragePermissions::all()
}
}

bitflags! {
/// The FTP operations that can be enabled/disabled for the storage back-end.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct StoragePermissions: u32 {
/// If set allows FTP make directory
const MK_DIR = 0b00000001;
/// If set allows FTP remove directory
const RM_DIR = 0b00000010;
/// If set allows FTP GET i.e. clients can download files.
const GET = 0b00000100;
/// If set allows FTP PUT i.e. clients can upload files.
const PUT = 0b00001000;
/// If set allows FTP DELE i.e. clients can remove files.
const DEL = 0b00010000;
/// If set allows FTP RENAME i.e. clients can rename directories and files
const RENAME = 0b00100000;
/// If set allows the extended SITE MD5 command to calculate checksums
const MD5 = 0b01000000;
/// If set allows clients to list the contents of a directory.
const LIST = 0b10000000;

/// Convenience aggregation of all the write operation bits.
const WRITE_OPS = Self::MK_DIR.bits() | Self::RM_DIR.bits() | Self::PUT.bits() | Self::DEL.bits() | Self::RENAME.bits();
}
}

/// DefaultUser is a default implementation of the `UserDetail` trait that doesn't hold any user
Expand Down
2 changes: 1 addition & 1 deletion src/storage/storage_backend.rs
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ pub trait Metadata {
}
}

/// Represents the permissions of a _FTP File_
/// Represents the permissions of an _FTP File_
pub struct Permissions(pub u32);

const PERM_READ: u32 = 0b100100100;
Expand Down

0 comments on commit b71a2cb

Please sign in to comment.