From 6730dae884b021211678a72ed5cb9679a348ca08 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 12 Nov 2020 21:55:17 +0000
Subject: [PATCH] check acl format

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---
 src/spec.rs | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/spec.rs b/src/spec.rs
index 0f8ffdc1..aa75aa14 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -53,6 +53,8 @@ pub enum SpecError {
   PosOffTable,
   LibraryNotFound,
   LibraryItemNotFound,
+  AclInvalidAccountGlob,
+  AclEntryOverlappingAllowDeny,
 }
 display_as_debug!{SpecError}
 
@@ -116,7 +118,6 @@ struct UrlOnStdout;
 //#[derive(Debug,Serialize,Deserialize)]
 //struct TokenByEmail { email: String };
 // xxx ^ implement this
-// xxx ^ 
 
 //---------- Game TOML file ----------
 
@@ -244,6 +245,7 @@ pub mod implementation {
   use crate::imports::*;
 
   type AS = AccountScope;
+  type SE = SpecError;
   type TPS = TablePlayerSpec;
 
   impl<P: Eq + Hash> Default for Acl<P> {
@@ -255,9 +257,17 @@ pub mod implementation {
     { self.ents.serialize(s) }
   }
 
-  impl<P: Eq + Hash> From<RawAcl<P>> for Acl<P> {
-    fn from(ents: RawAcl<P>) -> Self {
-      // xxx check
+  impl<P: Eq + Hash> TryFrom<RawAcl<P>> for Acl<P> {
+    type Error = SpecError;
+    #[throws(SpecError)]
+    fn try_from(ents: RawAcl<P>) -> Self {
+      for ent in &ents {
+        glob::Pattern::new(&ent.account_glob)
+          .map_err(|_| SE::AclInvalidAccountGlob)?;
+        if ! ent.deny.is_disjoint(&ent.allow) {
+          throw!(SE::AclEntryOverlappingAllowDeny);
+        }
+      }
       Acl { ents }
     }
   }
-- 
2.30.2