fix(domain): make Editor capability policy fail-closed (exhaustive match)

2026-06-02 14:32:13 +02:00
parent 74b2cf65ed
commit 9597a42eeb
+11 -1
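--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -88,10 +88,20 @@ impl Role {
     }
     /// The authorization policy: whether this role may perform `capability`.
+    ///
+    /// The `Editor` arm is an exhaustive `match` on purpose: adding a new
+    /// [`Capability`] variant is a compile error here until its Editor access is
+    /// decided explicitly, so the policy fails closed rather than silently granting
+    /// new capabilities to Editors.
     pub fn allows(self, capability: Capability) -> bool {
         match self {
             Role::Admin => true,
-            Role::Editor => !matches!(capability, Capability::ManageUsers),
+            Role::Editor => match capability {
+                Capability::EditCatalogue
+                | Capability::PublishObjects
+                | Capability::ViewInternal => true,
+                Capability::ManageUsers => false,
+            },
         }
     }
 }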
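Review bot: The `Role::Admin => true` arm still grants every future `Capability` variant automatically, so the fail-closed guarantee the new doc comment describes covers only the `Editor` arm; the comment should state that asymmetry so a later reader does not assume the whole policy is compile-time gated, e.g. `/// `Admin` is a deliberate blanket allow: new capabilities are granted to Admins without any explicit decision here.` The exhaustive `match` protects against new capabilities but not against someone later re-collapsing the Editor arm into a `matches!` or `_ => true`, so the deny should also be pinned by a unit test such as `assert!(!Role::Editor.allows(Capability::ManageUsers));` alongside one positive case per granted capability. The enclosing `impl Role` block starts outside the hunk, so whether other `Role` variants exist cannot be confirmed from here, though the `match self` compiling with only two arms suggests these are the only ones.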