models/user: Move User::rights() fn into controllers::helpers module

Turbo87 · Turbo87 · commit bf4dca8e7197 · 2025-02-15T17:48:43.000+01:00
diff --git a/src/controllers/crate_owner_invitation.rs b/src/controllers/crate_owner_invitation.rs
@@ -1,9 +1,10 @@
 use crate::app::AppState;
 use crate::auth::AuthCheck;
 use crate::auth::Authentication;
+use crate::controllers::helpers::authorization::Rights;
 use crate::controllers::helpers::pagination::{Page, PaginationOptions, PaginationQueryParams};
 use crate::models::crate_owner_invitation::AcceptError;
-use crate::models::{Crate, CrateOwnerInvitation, Rights, User};
+use crate::models::{Crate, CrateOwnerInvitation, User};
 use crate::schema::{crate_owner_invitations, crates, users};
 use crate::util::errors::{bad_request, custom, forbidden, internal, AppResult, BoxedAppError};
 use crate::util::RequestUtils;
@@ -157,7 +158,7 @@ async fn prepare_list(
                 // Only allow crate owners to query pending invitations for their crate.
                 let krate: Crate = Crate::by_name(&crate_name).first(conn).await?;
                 let owners = krate.owners(conn).await?;
-                if user.rights(&*state.github, &owners).await? != Rights::Full {
+                if Rights::get(user, &*state.github, &owners).await? != Rights::Full {
                     let detail = "only crate owners can query pending invitations for their crate";
                     return Err(forbidden(detail));
                 }
diff --git a/src/controllers/helpers.rs b/src/controllers/helpers.rs
@@ -2,6 +2,7 @@ use crate::util::errors::AppResult;
 use axum::response::{IntoResponse, Response};
 use axum_extra::json;
 
+pub mod authorization;
 pub(crate) mod pagination;
 
 pub(crate) use self::pagination::Paginate;
diff --git a/src/controllers/helpers/authorization.rs b/src/controllers/helpers/authorization.rs
@@ -0,0 +1,57 @@
+use crate::models::{Owner, User};
+use crates_io_github::{GitHubClient, GitHubError};
+use oauth2::AccessToken;
+use secrecy::ExposeSecret;
+
+/// Access rights to the crate (publishing and ownership management)
+/// NOTE: The order of these variants matters!
+#[derive(PartialEq, Eq, PartialOrd, Ord, Debug, Clone, Copy)]
+pub enum Rights {
+    None,
+    Publish,
+    Full,
+}
+
+impl Rights {
+    /// Given this set of owners, determines the strongest rights the
+    /// user has.
+    ///
+    /// Short-circuits on `Full` because you can't beat it. In practice, we'll always
+    /// see `[user, user, user, ..., team, team, team]`, so we could shortcircuit on
+    /// `Publish` as well, but this is a non-obvious invariant so we don't bother.
+    /// Sweet free optimization if teams are proving burdensome to check.
+    /// More than one team isn't really expected, though.
+    pub async fn get(
+        user: &User,
+        gh_client: &dyn GitHubClient,
+        owners: &[Owner],
+    ) -> Result<Self, GitHubError> {
+        let token = AccessToken::new(user.gh_access_token.expose_secret().to_string());
+
+        let mut best = Self::None;
+        for owner in owners {
+            match *owner {
+                Owner::User(ref other_user) => {
+                    if other_user.id == user.id {
+                        return Ok(Self::Full);
+                    }
+                }
+                Owner::Team(ref team) => {
+                    // Phones home to GitHub to ask if this User is a member of the given team.
+                    // Note that we're assuming that the given user is the one interested in
+                    // the answer. If this is not the case, then we could accidentally leak
+                    // private membership information here.
+                    let is_team_member = gh_client
+                        .team_membership(team.org_id, team.github_id, &user.gh_login, &token)
+                        .await?
+                        .is_some_and(|m| m.is_active());
+
+                    if is_team_member {
+                        best = Self::Publish;
+                    }
+                }
+            }
+        }
+        Ok(best)
+    }
+}
diff --git a/src/controllers/krate/delete.rs b/src/controllers/krate/delete.rs
@@ -1,8 +1,9 @@
 use crate::app::AppState;
 use crate::auth::AuthCheck;
+use crate::controllers::helpers::authorization::Rights;
 use crate::controllers::krate::CratePath;
 use crate::email::Email;
-use crate::models::{NewDeletedCrate, Rights};
+use crate::models::NewDeletedCrate;
 use crate::schema::{crate_downloads, crates, dependencies};
 use crate::util::errors::{custom, AppResult, BoxedAppError};
 use crate::worker::jobs;
@@ -68,7 +69,7 @@ pub async fn delete_crate(
     // Check that the user is an owner of the crate (team owners are not allowed to delete crates)
     let user = auth.user();
     let owners = krate.owners(&mut conn).await?;
-    match user.rights(&*app.github, &owners).await? {
+    match Rights::get(user, &*app.github, &owners).await? {
         Rights::Full => {}
         Rights::Publish => {
             let msg = "team members don't have permission to delete crates";
diff --git a/src/controllers/krate/owners.rs b/src/controllers/krate/owners.rs
@@ -1,12 +1,13 @@
 //! All routes related to managing owners of a crate
 
+use crate::controllers::helpers::authorization::Rights;
 use crate::controllers::krate::CratePath;
 use crate::models::krate::OwnerRemoveError;
 use crate::models::{
     krate::NewOwnerInvite, token::EndpointScope, CrateOwner, NewCrateOwnerInvitation,
     NewCrateOwnerInvitationOutcome, NewTeam,
 };
-use crate::models::{Crate, Owner, Rights, Team, User};
+use crate::models::{Crate, Owner, Team, User};
 use crate::util::errors::{bad_request, crate_not_found, custom, AppResult, BoxedAppError};
 use crate::views::EncodableOwner;
 use crate::{app::AppState, App};
@@ -177,7 +178,7 @@ async fn modify_owners(
 
                 let owners = krate.owners(conn).await?;
 
-                match user.rights(&*app.github, &owners).await? {
+                match Rights::get(user, &*app.github, &owners).await? {
                     Rights::Full => {}
                     // Yes!
                     Rights::Publish => {
diff --git a/src/controllers/krate/publish.rs b/src/controllers/krate/publish.rs
@@ -28,9 +28,10 @@ use url::Url;
 
 use crate::models::{
     default_versions::Version as DefaultVersion, Category, Crate, DependencyKind, Keyword,
-    NewCrate, NewVersion, NewVersionOwnerAction, Rights, VersionAction,
+    NewCrate, NewVersion, NewVersionOwnerAction, VersionAction,
 };
 
+use crate::controllers::helpers::authorization::Rights;
 use crate::licenses::parse_license_expr;
 use crate::middleware::log_request::RequestLogExt;
 use crate::models::token::EndpointScope;
@@ -356,7 +357,7 @@ pub async fn publish(app: AppState, req: Parts, body: Body) -> AppResult<Json<Go
         };
 
         let owners = krate.owners(conn).await?;
-        if user.rights(&*app.github, &owners).await? < Rights::Publish {
+        if Rights::get(user, &*app.github, &owners).await? < Rights::Publish {
             return Err(custom(StatusCode::FORBIDDEN, MISSING_RIGHTS_ERROR_MESSAGE));
         }
 
diff --git a/src/controllers/version/update.rs b/src/controllers/version/update.rs
@@ -1,10 +1,9 @@
 use super::CrateVersionPath;
 use crate::app::AppState;
 use crate::auth::{AuthCheck, Authentication};
+use crate::controllers::helpers::authorization::Rights;
 use crate::models::token::EndpointScope;
-use crate::models::{
-    Crate, NewVersionOwnerAction, Rights, Version, VersionAction, VersionOwnerAction,
-};
+use crate::models::{Crate, NewVersionOwnerAction, Version, VersionAction, VersionOwnerAction};
 use crate::rate_limiter::LimitedAction;
 use crate::schema::versions;
 use crate::util::errors::{bad_request, custom, AppResult};
@@ -122,7 +121,7 @@ pub async fn perform_version_yank_update(
 
     let yanked = yanked.unwrap_or(version.yanked);
 
-    if user.rights(&*state.github, &owners).await? < Rights::Publish {
+    if Rights::get(user, &*state.github, &owners).await? < Rights::Publish {
         if user.is_admin {
             let action = if yanked { "yanking" } else { "unyanking" };
             warn!(
diff --git a/src/models.rs b/src/models.rs
@@ -12,7 +12,6 @@ pub use self::follow::Follow;
 pub use self::keyword::{CrateKeyword, Keyword};
 pub use self::krate::{Crate, CrateName, NewCrate, RecentCrateDownloads};
 pub use self::owner::{CrateOwner, Owner, OwnerKind};
-pub use self::rights::Rights;
 pub use self::team::{NewTeam, Team};
 pub use self::token::ApiToken;
 pub use self::user::{NewUser, User};
@@ -32,7 +31,6 @@ mod follow;
 mod keyword;
 pub mod krate;
 mod owner;
-mod rights;
 pub mod team;
 pub mod token;
 pub mod user;
diff --git a/src/models/rights.rs b/src/models/rights.rs
diff --git a/src/models/user.rs b/src/models/user.rs
@@ -5,13 +5,11 @@ use diesel::prelude::*;
 use diesel::sql_types::Integer;
 use diesel::upsert::excluded;
 use diesel_async::{AsyncPgConnection, RunQueryDsl};
-use oauth2::AccessToken;
-use secrecy::{ExposeSecret, SecretString};
+use secrecy::SecretString;
 
-use crate::models::{Crate, CrateOwner, Email, Owner, OwnerKind, Rights};
+use crate::models::{Crate, CrateOwner, Email, Owner, OwnerKind};
 use crate::schema::{crate_owners, emails, users};
 use crates_io_diesel_helpers::lower;
-use crates_io_github::{GitHubClient, GitHubError};
 
 /// The model representing a row in the `users` database table.
 #[derive(Clone, Debug, Queryable, Identifiable, Selectable)]
@@ -56,48 +54,6 @@ impl User {
         Ok(users.collect())
     }
 
-    /// Given this set of owners, determines the strongest rights the
-    /// user has.
-    ///
-    /// Shortcircuits on `Full` because you can't beat it. In practice we'll always
-    /// see `[user, user, user, ..., team, team, team]`, so we could shortcircuit on
-    /// `Publish` as well, but this is a non-obvious invariant so we don't bother.
-    /// Sweet free optimization if teams are proving burdensome to check.
-    /// More than one team isn't really expected, though.
-    pub async fn rights(
-        &self,
-        gh_client: &dyn GitHubClient,
-        owners: &[Owner],
-    ) -> Result<Rights, GitHubError> {
-        let token = AccessToken::new(self.gh_access_token.expose_secret().to_string());
-
-        let mut best = Rights::None;
-        for owner in owners {
-            match *owner {
-                Owner::User(ref other_user) => {
-                    if other_user.id == self.id {
-                        return Ok(Rights::Full);
-                    }
-                }
-                Owner::Team(ref team) => {
-                    // Phones home to GitHub to ask if this User is a member of the given team.
-                    // Note that we're assuming that the given user is the one interested in
-                    // the answer. If this is not the case, then we could accidentally leak
-                    // private membership information here.
-                    let is_team_member = gh_client
-                        .team_membership(team.org_id, team.github_id, &self.gh_login, &token)
-                        .await?
-                        .is_some_and(|m| m.is_active());
-
-                    if is_team_member {
-                        best = Rights::Publish;
-                    }
-                }
-            }
-        }
-        Ok(best)
-    }
-
     /// Queries the database for the verified emails
     /// belonging to a given user
     pub async fn verified_email(
