manta_server/server/common/
authorization.rs1use manta_backend_dispatcher::{
4 error::Error, interfaces::hsm::group::GroupTrait,
5};
6
7use crate::manta_backend_dispatcher::StaticBackendDispatcher;
8
/// Resolves the HSM group names a request is allowed to operate on.
///
/// The candidate set is whatever `get_group_name_available` returns for
/// `auth_token`. A target group may be requested through `group_cli_arg_opt`,
/// which takes precedence over `group_env_or_config_file_opt`.
///
/// # Returns
///
/// * A single-element vector holding the requested group, when one was
///   requested and it appears in the candidate set.
/// * The full candidate set, when no group was requested.
///
/// # Errors
///
/// * Propagates any error from `get_group_name_available`.
/// * `Error::BadRequest` when the requested group is not in the candidate
///   set. The message echoes the requested name unmodified and lists the
///   candidate group names in sorted order, so treat it as containing
///   caller-supplied text wherever it is logged or rendered.
///
/// NOTE(review): an access denial is reported with the same variant as
/// malformed input; confirm callers do not need to tell the two apart
/// (e.g. for audit logging or status-code mapping).
pub async fn get_groups_names_available(
    backend: &StaticBackendDispatcher,
    auth_token: &str,
    group_cli_arg_opt: Option<&str>,
    group_env_or_config_file_opt: Option<&str>,
) -> Result<Vec<String>, Error> {
    let mut available_groups =
        backend.get_group_name_available(auth_token).await?;

    // The CLI argument wins over the environment / config file value.
    let requested_group =
        match group_cli_arg_opt.or(group_env_or_config_file_opt) {
            Some(group) => group,
            // Nothing requested: hand back everything the token can reach.
            None => return Ok(available_groups),
        };

    // Membership is an exact string comparison against the candidate names.
    let is_allowed = available_groups
        .iter()
        .any(|name| name == requested_group);

    if is_allowed {
        return Ok(vec![requested_group.to_string()]);
    }

    // Sort only on the failure path, purely to make the message readable.
    available_groups.sort();
    Err(Error::BadRequest(format!(
        "Can't access HSM group '{}'.\nPlease choose one \
         from the list below:\n{}",
        requested_group,
        available_groups.join(", ")
    )))
}
45
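/// Checks that every requested HSM member is reachable with the caller's
/// token.
///
/// The groups returned by `get_group_name_available` for `shasta_token` are
/// expanded into their members with `get_member_vec_from_group_name_vec`;
/// each entry of `hsm_group_members_opt` must appear in that expanded list.
///
/// # Returns
///
/// A copy of `hsm_group_members_opt` when every entry passed the check.
///
/// # Errors
///
/// * Propagates any error from the two backend calls.
/// * `Error::BadRequest` when at least one requested member is not in the
///   expanded list. The message echoes all requested members unmodified
///   (not only the rejected ones) and lists the group names available to the
///   token, so treat it as containing caller-supplied text wherever it is
///   logged or rendered.
///
/// NOTE(review): an access denial is reported with the same variant as
/// malformed input; confirm callers do not need to tell the two apart
/// (e.g. for audit logging or status-code mapping).
pub async fn validate_target_hsm_members(
    backend: &StaticBackendDispatcher,
    shasta_token: &str,
    hsm_group_members_opt: &[String],
) -> Result<Vec<String>, Error> {
    let mut hsm_groups_user_has_access =
        backend.get_group_name_available(shasta_token).await?;

    let all_xnames_user_has_access = backend
        .get_member_vec_from_group_name_vec(
            shasta_token,
            &hsm_groups_user_has_access,
        )
        .await?;

    // NOTE(review): an empty `hsm_group_members_opt` passes this check
    // vacuously and yields `Ok(vec![])`. Confirm that no caller interprets an
    // empty member list as "all members".
    let every_member_allowed = hsm_group_members_opt
        .iter()
        .all(|hsm_member| all_xnames_user_has_access.contains(hsm_member));

    if every_member_allowed {
        return Ok(hsm_group_members_opt.to_vec());
    }

    // Sorted on the failure path only, matching the group listing produced by
    // `get_groups_names_available` in this file.
    hsm_groups_user_has_access.sort();
    Err(Error::BadRequest(format!(
        "Can't access all or any of the HSM members \
         '{}'.\nPlease choose members from the list \
         of HSM groups below:\n{}",
        hsm_group_members_opt.join(", "),
        hsm_groups_user_has_access.join(", ")
    )))
}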