Module authorization


Common functionality related to authorization

Structs

ActionOnResource
AuthUser
Extractor for an authenticated user.
AuthorizationToken
Validates that user has right to function
AuthorizedResponse
Responder for AuthorizationToken
GraphQLRequest 🔒
MoocfiUser 🔒
MoocfiUserResponse 🔒
MoocfiUserResponseData 🔒

Enums

Action
Describes an action that a user can take on some resource.
Resource
The target of an action.

Constants

MOOCFI_GRAPHQL_URL 🔒
SESSION_KEY 🔒

Functions

async_http_client_with_headers 🔒
HTTP Client used only for authenticating with TMC server. This function:
authenticate_moocfi_user
Authenticates the user with mooc.fi, returning the authenticated user and their oauth token.
authenticate_test_token
authenticate_test_user
Authenticates a test user with predefined credentials. Returns Ok(true) if authentication succeeds, Ok(false) if credentials are incorrect, and Err for other errors.
authorize
The authorization token is the only way to return a controller result, and should only be used in controller functions that return a response to the user.
authorize_access_to_course_material
Can be used to check whether user is allowed to view some course material
authorize_access_to_tmc_server
Can be used to check whether user is allowed to view some course material
authorize_with_fetched_list_of_roles
Same as authorize, but takes as an argument Vec<Role> so that we avoid fetching the roles from the database for optimization reasons. This is useful when we're checking multiple authorizations at once.
can_user_view_chapter
Can be used to check whether user is allowed to view some course material. Chapters can be closed and limited to certain people only.
check_course_instance_permission 🔒
Also checks organization and course roles which are valid for course instances.
check_course_or_exam_permission 🔒
check_course_permission 🔒
Also checks organization role which is valid for courses.
check_exam_permission 🔒
Also checks organization role which is valid for exams.
check_organization_permission 🔒
check_study_registry_permission 🔒
create_authorization_error 🔒
Creates a ControllerError for authorization failures with more information in the source error
exchange_password_with_tmc
Exchanges user credentials with TMC server to obtain an OAuth token.
forget
Forgets authentication from the current session, if any.
get_or_create_user_from_moocfi_response 🔒
get_ratelimit_api_key 🔒
Gets the rate limit protection API key from environment variables and converts it to a header value. This key is used to bypass rate limiting when making requests to TMC server.
get_user_from_moocfi_by_login_token
get_user_from_moocfi_by_tmc_access_token_and_upstream_id
has_auth_user_session
Checks if the user is authenticated in the given session.
has_permission 🔒
parse_secret_key_from_header
remember
Stores the user as authenticated in the given session.
skip_authorize
Skips the authorize() and returns AuthorizationToken, needed in functions with anonymous and test users
verify_auth_user_exists 🔒
For making sure the user saved in the session still exists in the database. Checks the user's existence when the session is at least 3 hours old, updates the session automatically, and returns an up-to-date AuthUser.

Type Aliases

LoginToken