beginning implementation of authorization

Author: dsullivan7

src/authorization/mod.rs

@@ -1,6 +1,7 @@
 use mockall::*;
 use serde::{Deserialize, Serialize};
 use thiserror::Error;
+use uuid::Uuid;
 
 #[derive(Error, Debug)]
 pub enum AuthorizationError {
@@ -9,7 +10,7 @@ pub enum AuthorizationError {
 }
 
 pub struct User {
-    pub user_id: String,
+    pub user_id: Uuid,
     pub role: String,
 }
 

src/handlers/authorization.rs

@@ -1,19 +1,42 @@
 use anyhow::anyhow;
-use axum::{body::Body, extract::Request, extract::State, http::Response, middleware::Next};
+use axum::{
+    body::Body,
+    extract::{Request, State},
+    http::Response,
+    middleware::Next,
+    Extension,
+};
+use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
 
-use crate::{authorization::User, errors};
+use crate::{
+    authentication::Claims,
+    authorization::User as AuthzUser,
+    errors,
+    models::{self, user::Entity as User},
+};
 
 use super::AppState;
 
-pub async fn is_user_action_allowed(
-    State(AppState { authorization, .. }): State<AppState>,
+pub async fn can_list_users(
+    State(state): State<AppState>,
+    Extension(claims): Extension<Claims>,
     req: Request,
     next: Next,
 ) -> Result<Response<Body>, errors::ServerError> {
+    let conn = &*state.conn.clone();
+    let authorization = state.authorization.clone();
+
+    let user = User::find()
+        .filter(models::user::Column::Auth0Id.eq(claims.sub.to_owned()))
+        .one(conn)
+        .await
+        .map_err(|err| errors::ServerError::Internal(anyhow!(err)))?
+        .ok_or(errors::ServerError::Unauthorized)?;
+
     let is_authorized = authorization
         .is_action_allowed(
-            User {
-                user_id: "random".to_owned(),
+            AuthzUser {
+                user_id: user.user_id.to_owned(),
                 role: "random".to_owned(),
             },
             "list_users".to_owned(),

src/handlers/routes.rs

@@ -32,7 +32,7 @@ pub fn router(app_state: AppState) -> Router {
                 "/users",
                 get(users::list_users).layer(middleware::from_fn_with_state(
                     app_state.clone(),
-                    authorization_middleware::is_user_action_allowed,
+                    authorization_middleware::can_list_users,
                 )),
             )
             .route("/users/{user_id}", get(users::get_user))

src/handlers/users_test.rs

@@ -93,6 +93,7 @@ mod tests {
         };
 
         let conn = MockDatabase::new(DatabaseBackend::Postgres)
+            .append_query_results(vec![vec![user_db_1.clone()]])
             .append_query_results(vec![vec![user_db_1.clone(), user_db_2.clone()]])
             .into_connection();