clippy: rewrite ifs with identical return values

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2021-01-20 17:23:51 +01:00 committed by Wolfgang Bumiller
parent 43313c2ee7
commit 4d08e25913
2 changed files with 19 additions and 29 deletions

View File

@ -27,6 +27,7 @@ pub mod role;
pub mod tfa;
pub mod user;
#[allow(clippy::large_enum_variant)]
enum AuthResult {
/// Successful authentication which does not require a new ticket.
Success,
@ -331,27 +332,20 @@ pub fn list_permissions(
let user_info = CachedUserInfo::new()?;
let user_privs = user_info.lookup_privs(&current_auth_id, &["access"]);
let auth_id = if user_privs & PRIV_SYS_AUDIT == 0 {
match auth_id {
Some(auth_id) => {
if auth_id == current_auth_id {
auth_id
} else if auth_id.is_token()
let auth_id = match auth_id {
Some(auth_id) if auth_id == current_auth_id => current_auth_id,
Some(auth_id) => {
if user_privs & PRIV_SYS_AUDIT != 0
|| (auth_id.is_token()
&& !current_auth_id.is_token()
&& auth_id.user() == current_auth_id.user()
{
auth_id
} else {
bail!("not allowed to list permissions of {}", auth_id);
}
&& auth_id.user() == current_auth_id.user())
{
auth_id
} else {
bail!("not allowed to list permissions of {}", auth_id);
}
None => current_auth_id,
}
} else {
match auth_id {
Some(auth_id) => auth_id,
None => current_auth_id,
}
},
None => current_auth_id,
};
fn populate_acl_paths(

View File

@ -110,16 +110,12 @@ fn check_task_access(auth_id: &Authid, upid: &UPID) -> Result<(), Error> {
} else {
let user_info = CachedUserInfo::new()?;
let task_privs = user_info.lookup_privs(auth_id, &["system", "tasks"]);
if task_privs & PRIV_SYS_AUDIT != 0 {
// allowed to read all tasks in general
Ok(())
} else if check_job_privs(&auth_id, &user_info, upid).is_ok() {
// job which the user/token could have configured/manually executed
Ok(())
} else {
bail!("task access not allowed");
}
// access to all tasks
// or task == job which the user/token could have configured/manually executed
user_info.check_privs(auth_id, &["system", "tasks"], PRIV_SYS_AUDIT, false)
.or_else(|_| check_job_privs(&auth_id, &user_info, upid))
.or_else(|_| bail!("task access not allowed"))
}
}