Merge #624: #615 Use Casbin for the authorization layer

389acc4 chore(deps): update dependencies (Mario)
6e1877c refactor: [#615] new get role method, new user role enum and minor refactoring (Mario)
3671c78 refactor: [#615]  explicit Casbin imports and policy now defined as string (Mario)
22b0e67 refactor: [#615] delete unused Casbin folder (Mario)
463c533 refactor: [#615] new panic messages and minor refactorings (Mario)
7104b61 feat: [#615] policy is now loaded from code and minor refactors (Mario)
f24afaf refactor: [#165] removed unused model file (Mario)
344857e refactor: [#615] model is now read from string instead of file and code cleanup (Mario)
5dc9dca refactor: [#615] more human readable policy file (Mario)
e13f579 feat: [#615] authorization service implemented for ban user handler (Mario)
ba0ad37 refactor: [#615] code cleanup and improved comments (Mario)
58a33e7 feat: [#615] added authorization for delete torrent action (Mario)
e00b0f6 feat: [#615] added Casbin enforcer to app state (Mario)
7a39d0b refactor: [#615] policy file allows admin user to perform any action (Mario)
d9ea173 feat: [#615] initial casbin configuration (Mario)
9895346 feat: [#615] casbin package added (Mario)

Pull request description:

  Resolves #615

ACKs for top commit:
  josecelano:
    ACK 389acc4

Tree-SHA512: f090f99621489d9150aa9f0775907959fa0f93d5bee0b382ad02f1622c2f1ae5db527639a9a0d78be5fc8bf7cfd06059b88287d0f799b79ae929052fd2d45a4c

Author: josecelano

Cargo.lock

@@ -97,6 +97,7 @@ url = { version = "2.5.0", features = ["serde"] }
 urlencoding = "2"
 uuid = { version = "1", features = ["v4"] }
 tracing-subscriber = { version = "0.3.18", features = ["json"] }
+casbin = "2.2.0"
 
 [dev-dependencies]
 tempfile = "3"

Cargo.toml

@@ -87,9 +87,10 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
     let torrent_tag_repository = Arc::new(DbTorrentTagRepository::new(database.clone()));
     let torrent_listing_generator = Arc::new(DbTorrentListingGenerator::new(database.clone()));
     let banned_user_list = Arc::new(DbBannedUserList::new(database.clone()));
+    let casbin_enforcer = Arc::new(authorization::CasbinEnforcer::new().await);
 
     // Services
-    let authorization_service = Arc::new(authorization::Service::new(user_repository.clone()));
+    let authorization_service = Arc::new(authorization::Service::new(user_repository.clone(), casbin_enforcer.clone()));
     let tracker_service = Arc::new(tracker::service::Service::new(configuration.clone(), database.clone()).await);
     let tracker_statistics_importer =
         Arc::new(StatisticsImporter::new(configuration.clone(), tracker_service.clone(), database.clone()).await);
@@ -115,6 +116,7 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
         torrent_announce_url_repository.clone(),
         torrent_tag_repository.clone(),
         torrent_listing_generator.clone(),
+        authorization_service.clone(),
     ));
     let registration_service = Arc::new(user::RegistrationService::new(
         configuration.clone(),
@@ -127,9 +129,9 @@ pub async fn run(configuration: Configuration, api_version: &Version) -> Running
         user_authentication_repository.clone(),
     ));
     let ban_service = Arc::new(user::BanService::new(
-        user_repository.clone(),
         user_profile_repository.clone(),
         banned_user_list.clone(),
+        authorization_service.clone(),
     ));
     let authentication_service = Arc::new(Service::new(
         configuration.clone(),