feat: [#615] authorization service implemented for ban user handler

torrust · Jun 17, 2024 · e9cd419 · e9cd419
1 parent 4175c57
commit e9cd419
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 11 deletions.
diff --git a/casbin/policy.csv b/casbin/policy.csv
@@ -4,4 +4,5 @@ p, true, GetSettings
 p, true, GetSettingsSecret
 p, true, AddTag
 p, true, DeleteTag
-p, true, DeleteTorrent
+p, true, DeleteTorrent
+p, true, BanUser
diff --git a/src/app.rs b/src/app.rs
@@ -127,9 +127,9 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
         user_authentication_repository.clone(),
     ));
     let ban_service = Arc::new(user::BanService::new(
-        user_repository.clone(),
         user_profile_repository.clone(),
         banned_user_list.clone(),
+        authorization_service.clone(),
     ));
     let authentication_service = Arc::new(Service::new(
         configuration.clone(),

diff --git a/src/services/user.rs b/src/services/user.rs
@@ -11,6 +11,7 @@ use pbkdf2::password_hash::rand_core::OsRng;
 use tracing::{debug, info};
 
 use super::authentication::DbUserAuthenticationRepository;
+use super::authorization::{self, ACTION};
 use crate::config::{Configuration, EmailOnSignup};
 use crate::databases::database::{Database, Error};
 use crate::errors::ServiceError;
@@ -237,22 +238,22 @@ impl ProfileService {
 }
 
 pub struct BanService {
-    user_repository: Arc<Box<dyn Repository>>,
     user_profile_repository: Arc<DbUserProfileRepository>,
     banned_user_list: Arc<DbBannedUserList>,
+    authorization_service: Arc<authorization::Service>,
 }
 
 impl BanService {
     #[must_use]
     pub fn new(
-        user_repository: Arc<Box<dyn Repository>>,
         user_profile_repository: Arc<DbUserProfileRepository>,
         banned_user_list: Arc<DbBannedUserList>,
+        authorization_service: Arc<authorization::Service>,
     ) -> Self {
         Self {
-            user_repository,
             user_profile_repository,
             banned_user_list,
+            authorization_service,
         }
     }
 
@@ -268,12 +269,7 @@ impl BanService {
     pub async fn ban_user(&self, username_to_be_banned: &str, user_id: &UserId) -> Result<(), ServiceError> {
         debug!("user with ID {user_id} banning username: {username_to_be_banned}");
 
-        let user = self.user_repository.get_compact(user_id).await?;
-
-        // Check if user is administrator
-        if !user.administrator {
-            return Err(ServiceError::Unauthorized);
-        }
+        self.authorization_service.authorize(ACTION::BanUser, Some(*user_id)).await?;
 
         let user_profile = self
             .user_profile_repository