services/access_control/enclave/src/service.rs - incubator-teaclave - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 use crate::acs::init_memory_enforcer;
 use crate::error::TeaclavAccessControlError;
 use teaclave_proto::teaclave_access_control_service::*;
 use teaclave_rpc::{Request, Response};
 use teaclave_types::TeaclaveServiceResponseResult;

 use std::sync::{Arc, RwLock};

 use casbin::{CoreApi, Enforcer};

 #[derive(Clone)]
 pub(crate) struct TeaclaveAccessControlService {
     api_enforcer: Arc<RwLock<Enforcer>>,
 }

 impl TeaclaveAccessControlService {
     pub(crate) async fn new() -> Self {
         let api_enforcer = Arc::new(RwLock::new(init_memory_enforcer().await.unwrap()));
         TeaclaveAccessControlService { api_enforcer }
     }
 }

 #[teaclave_rpc::async_trait]
 impl TeaclaveAccessControl for TeaclaveAccessControlService {
     async fn authorize_api(
         &self,
         request: Request<AuthorizeApiRequest>,
     ) -> TeaclaveServiceResponseResult<AuthorizeApiResponse> {
         let e = self.api_enforcer.read().unwrap();
         let request = request.into_inner();

         let accept = e
             .enforce((request.user_role, request.api))
             .map_err(|_| TeaclavAccessControlError::AccessControlError)?;

         Ok(Response::new(AuthorizeApiResponse { accept }))
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	use crate::acs::init_memory_enforcer;
	use crate::error::TeaclavAccessControlError;
	use teaclave_proto::teaclave_access_control_service::*;
	use teaclave_rpc::{Request, Response};
	use teaclave_types::TeaclaveServiceResponseResult;

	use std::sync::{Arc, RwLock};

	use casbin::{CoreApi, Enforcer};

	#[derive(Clone)]
	pub(crate) struct TeaclaveAccessControlService {
	api_enforcer: Arc<RwLock<Enforcer>>,
	}

	impl TeaclaveAccessControlService {
	pub(crate) async fn new() -> Self {
	let api_enforcer = Arc::new(RwLock::new(init_memory_enforcer().await.unwrap()));
	TeaclaveAccessControlService { api_enforcer }
	}
	}

	#[teaclave_rpc::async_trait]
	impl TeaclaveAccessControl for TeaclaveAccessControlService {
	async fn authorize_api(
	&self,
	request: Request<AuthorizeApiRequest>,
	) -> TeaclaveServiceResponseResult<AuthorizeApiResponse> {
	let e = self.api_enforcer.read().unwrap();
	let request = request.into_inner();

	let accept = e
	.enforce((request.user_role, request.api))
	.map_err(\|_\| TeaclavAccessControlError::AccessControlError)?;

	Ok(Response::new(AuthorizeApiResponse { accept }))
	}
	}