From 04b0b1dd0573b7dfe76cfddf9a11d32c27fe728d Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Mon, 8 May 2023 18:13:09 +0200
Subject: [PATCH] jwt: get user roles in jwt
---
 crates/ezidam/src/guards/jwt.rs | 14 ++++++++++++--
 crates/ezidam/src/tokens.rs | 10 ++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/crates/ezidam/src/guards/jwt.rs b/crates/ezidam/src/guards/jwt.rs
index 9e4192d..ddc5f57 100644
--- a/crates/ezidam/src/guards/jwt.rs
+++ b/crates/ezidam/src/guards/jwt.rs
@@ -7,6 +7,7 @@ use hash::SecretString;
 use id::{KeyID, UserID};
 use jwt::database::Key;
 use jwt::{JwtClaims, PrivateKey};
+use permissions::Permission;
 use refresh_tokens::RefreshToken;
 use rocket::http::Status;
 use rocket::http::{Cookie, CookieJar, SameSite};
@@ -53,6 +54,7 @@ pub enum Error {
 ImportKey(jwt::Error),
 JwtValidation(jwt::Error),
 BlockingTask(String),
+ GetPermissions(permissions::Error),
 }
 pub struct SpecificUser<'a> {
@@ -382,8 +384,16 @@ pub async fn use_refresh_token(
 }
 };
- // TODO: get user roles
- let roles = vec![];
+ // Get user roles
+ let roles = match Permission::get_all(&mut transaction, Some(user.id()), None).await {
+ Ok(roles) => roles
+ .into_iter()
+ .map(|role| role.role().to_string())
+ .collect(),
+ Err(e) => {
+ return Outcome::Failure((Status::InternalServerError, Error::GetPermissions(e)));
+ }
+ };
 // Create jwt, sign and serialize
 let jwt_claims = JwtClaims::new(home_page.clone(), "ezidam", &user, roles);
diff --git a/crates/ezidam/src/tokens.rs b/crates/ezidam/src/tokens.rs
index 987ed55..37252fe 100644
--- a/crates/ezidam/src/tokens.rs
+++ b/crates/ezidam/src/tokens.rs
@@ -1,6 +1,7 @@
 use hash::SecretString;
 use id::{AppID, UserID};
 use jwt::{JwtClaims, PrivateKey};
+use permissions::Permission;
 use refresh_tokens::RefreshToken;
 use rocket::tokio::task;
 use rocket_db_pools::sqlx::SqliteExecutor;
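Review bot: The role-to-claim mapping added in the `use_refresh_token` hunk (`roles.into_iter().map(|role| role.role().to_string()).collect()`) is duplicated verbatim in `generate_jwt` in tokens.rs, so the two token-issuing paths can silently drift on how roles are scoped, deduplicated or encoded; a single helper such as `fn role_claims(perms: Vec<Permission>) -> Vec<String>` in tokens.rs that both call would keep the claim format identical. The lookup is `Permission::get_all(&mut transaction, Some(user.id()), None)` with an unfiltered last argument while the JWT is issued with audience `"ezidam"`; if that argument is a per-application filter (this guard imports `UserID` and `KeyID` only, so I cannot confirm from here), the IdP's own token carries every role the user holds anywhere, which may be intended but deserves a comment, e.g. `// No app filter: this token is for ezidam itself, so all of the user's roles are embedded`. The error arm returns 500 with the new `GetPermissions` variant, which is consistent with the other failure arms in this function. `use_refresh_token` starts before this hunk and its body continues past it.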
@@ -46,8 +47,13 @@ pub async fn generate_jwt(
 audience: &str,
 user: &User,
 ) -> Result {
- // TODO: get user roles
- let roles = vec![];
+ // Get user roles
+ let roles = Permission::get_all(conn, Some(user.id()), None)
+ .await
+ .map_err(|e| e.to_string())?
+ .into_iter()
+ .map(|role| role.role().to_string())
+ .collect();
 // Create jwt, sign and serialize
 let jwt = JwtClaims::new(issuer, audience, user, roles)
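Review bot: `Permission::get_all(conn, Some(user.id()), None)` passes no filter in its last argument, yet the resulting role names are embedded in a JWT minted for a specific `audience`; if that argument is an `AppID` filter (`AppID` is imported in this file, so this looks likely but is not visible here), the token carries roles the user holds in other applications, which over-scopes the claim for the relying party and can yield duplicate entries when the same role name exists in several apps. Unless `get_all` already scopes by audience, pass the app matching `audience` and normalise the list, e.g. `let mut roles: Vec<String> = …collect(); roles.sort(); roles.dedup();`, so the claim is minimal and deterministic. `.map_err(|e| e.to_string())?` flattens the permissions error into the function's existing string `Result`, which hides the failure origin from callers; at minimum prefix it, `.map_err(|e| format!("get permissions: {e}"))?`. `generate_jwt` starts before this hunk and its body continues past it.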