Module authorization

Common functionality related to authorization

Structs

• ActionOnResource
• AuthUser
  Extractor for an authenticated user.
• AuthorizationToken
  Validates that user has right to function
• AuthorizedResponse
  Responder for AuthorizationToken
• GraphQLRequest 🔒
• MoocfiUser 🔒
• MoocfiUserResponse 🔒
• MoocfiUserResponseData 🔒

Enums

• Action
  Describes an action that a user can take on some resource.
• Resource
  The target of an action.

Constants

• MOOCFI_GRAPHQL_URL 🔒
• SESSION_KEY 🔒

Functions

• async_http_client_with_headers 🔒
  HTTP Client used only for authenticating with TMC server. This function:
• authenticate_moocfi_user
  Authenticates the user with mooc.fi, returning the authenticated user and their oauth token.
• authenticate_test_token
• authenticate_test_user
  Authenticates a test user with predefined credentials. Returns Ok(true) if authentication succeeds, Ok(false) if credentials are incorrect, and Err for other errors.
• authorize
  The authorization token is the only way to return a controller result, and should only be used in controller functions that return a response to the user.
• authorize_access_to_course_material
  Can be used to check whether user is allowed to view some course material
• authorize_access_to_tmc_server
  Can be used to check whether user is allowed to view some course material
• authorize_with_fetched_list_of_roles
  Same as authorize, but takes as an argument Vec<Role> so that we avoid fetching the roles from the database for optimization reasons. This is useful when we’re checking multiple authorizations at once.
• can_user_view_chapter
  Can be used to check whether user is allowed to view some course material. Chapters can be closed and and limited to certain people only.
• check_course_instance_permission 🔒
  Also checks organization and course roles which are valid for course instances.
• check_course_or_exam_permission 🔒
• check_course_permission 🔒
  Also checks organization role which is valid for courses.
• check_exam_permission 🔒
  Also checks organization role which is valid for exams.
• check_organization_permission 🔒
• check_study_registry_permission 🔒
• create_authorization_error 🔒
  Creates a ControllerError for authorization failures with more information in the source error
• exchange_password_with_tmc
  Exchanges user credentials with TMC server to obtain an OAuth token.
• forget
  Forgets authentication from the current session, if any.
• get_or_create_user_from_moocfi_response 🔒
• get_ratelimit_api_key 🔒
  Gets the rate limit protection API key from environment variables and converts it to a header value. This key is used to bypass rate limiting when making requests to TMC server.
• get_user_from_moocfi_by_login_token
• get_user_from_moocfi_by_tmc_access_token_and_upstream_id
• has_auth_user_session
  Checks if the user is authenticated in the given session.
• has_permission 🔒
• parse_secret_key_from_header
• remember
  Stores the user as authenticated in the given session.
• skip_authorize
  Skips the authorize() and returns AuthorizationToken, needed in functions with anonymous and test users
• verify_auth_user_exists 🔒
  For making sure the user saved in the session still exists in the database. Check the user’s existance when the session is at least 3 hours old, updates the session automatically, and returns an up-to-date AuthUser.

Type Aliases

• LoginToken