feat: implement User

Author: Iron-E

src/server/auth/context.rs

@@ -0,0 +1,9 @@
+//! Contains the [`auth`](super) [`Context`] which is used by the [server](crate::server).
+
+use axum_login::{extractors::AuthContext, SqlxStore};
+use sqlx::Pool;
+
+use super::User;
+
+/// The [`AuthContext`] used by the [`winvoice_server::server`].
+pub type Context<Db> = AuthContext<String, User, SqlxStore<Pool<Db>, User, String>, String>;

src/server/auth/init_users_table.rs

@@ -20,6 +20,21 @@ impl InitUsersTable for sqlx::Postgres
 	where
 		C: Executor<'conn, Database = Self>,
 	{
+		sqlx::query!(
+			"CREATE TABLE IF NOT EXISTS users
+			(
+				employee_id bigint REFERENCES employees(id),
+				id bigint PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
+				role text DEFAULT 'guest',
+				password text NOT NULL,
+				username text NOT NULL,
+
+				CONSTRAINT users__username_uq UNIQUE (username)
+			);"
+		)
+		.execute(connection)
+		.await?;
+
 		Ok(())
 	}
 }

src/server/auth/mod.rs

@@ -1,6 +1,9 @@
 //! Contains data and algorithms used for authenticating users.
 
+mod context;
 mod init_users_table;
 mod user;
 
+pub use context::Context;
 pub use init_users_table::InitUsersTable;
+pub use user::User;

src/server/auth/user.rs

@@ -1 +1,73 @@
 //! Contains the definition for what a [`User`] row in the [`Database`](sqlx::Database) is.
+
+#![allow(clippy::std_instead_of_core)]
+
+mod auth_user;
+
+use sqlx::FromRow;
+use winvoice_schema::Id;
+
+/// Corresponds to the `users` table in the [`winvoice-server`](crate) database.
+#[derive(Clone, Debug, Default, Eq, FromRow, Hash, Ord, PartialEq, PartialOrd)]
+pub struct User
+{
+	/// The [`User`]'s [`Employee`](winvoice_schema::Employee) [`Id`], if they are employed.
+	employee_id: Option<Id>,
+
+	/// The [`Id`] of the [`User`].
+	id: Id,
+
+	/// The role of the [`User`]. Controls permissions.
+	role: String,
+
+	/// Get the [`User`]'s [`argon2`]-hashed password.
+	password: String,
+
+	/// Get the [`User`]'s username.
+	username: String,
+}
+
+impl User
+{
+	/// Create a new [`User`].
+	pub const fn new(
+		employee_id: Option<Id>,
+		id: Id,
+		role: String,
+		password: String,
+		username: String,
+	) -> Self
+	{
+		Self { employee_id, id, role, password, username }
+	}
+
+	/// The [`User`]'s [`Employee`](winvoice_schema::Employee) [`Id`], if they are employed.
+	pub const fn employee_id(&self) -> Option<i64>
+	{
+		self.employee_id
+	}
+
+	/// The [`Id`] of the [`User`].
+	pub const fn id(&self) -> i64
+	{
+		self.id
+	}
+
+	/// The role of the [`User`]. Controls permissions.
+	pub fn role(&self) -> &str
+	{
+		self.role.as_ref()
+	}
+
+	/// Get the [`User`]'s [`argon2`]-hashed password.
+	pub fn password(&self) -> &str
+	{
+		self.password.as_ref()
+	}
+
+	/// Get the [`User`]'s username.
+	pub fn username(&self) -> &str
+	{
+		self.username.as_ref()
+	}
+}

src/server/auth/user/auth_user.rs

@@ -0,0 +1,23 @@
+//! Contains an implementation of [`AuthUser`] for [`User`].
+
+use axum_login::{secrecy::SecretVec, AuthUser};
+
+use super::User;
+
+impl AuthUser<String, String> for User
+{
+	fn get_id(&self) -> String
+	{
+		self.username.clone()
+	}
+
+	fn get_password_hash(&self) -> SecretVec<u8>
+	{
+		SecretVec::new(Vec::from(self.password()))
+	}
+
+	fn get_role(&self) -> Option<String>
+	{
+		Some(self.role.clone())
+	}
+}

src/server/state.rs

@@ -2,9 +2,10 @@
 
 mod clone;
 
-use casbin::{CoreApi, EnforceArgs, Enforcer};
+use casbin::{CoreApi, Enforcer};
 use sqlx::{Database, Pool};
 
+use super::auth::User;
 use crate::{
 	lock::Lock,
 	permissions::{Action, Object},
@@ -33,16 +34,18 @@ where
 	}
 
 	/// Check whether `subject` has permission to `action` on `object`.
-	pub async fn has_permission<TSubject>(
+	pub async fn has_permission(
 		&self,
-		subject: TSubject,
+		user: User,
 		object: Object,
 		action: Action,
 	) -> casbin::Result<bool>
-	where
-		(TSubject, Object, Action): EnforceArgs,
 	{
-		self.permissions.read().await.enforce((subject, object, action))
+		let permissions = self.permissions.read().await;
+		let has_permission = permissions.enforce((user.username(), object, action))? ||
+			permissions.enforce((user.role(), object, action))?;
+
+		Ok(has_permission)
 	}
 
 	/// Get the [`Pool`] of connections to the [`Database`].