actix_security_core/http/security/expression/mod.rs
1//! Security Expression Language (SpEL-like) for authorization.
2//!
3//! # Spring Security Equivalent
4//! `org.springframework.security.access.expression`
5//!
6//! # Overview
7//! This module provides a Spring Security-like expression language for
8//! defining complex authorization rules.
9//!
10//! # Supported Expressions
11//!
12//! ## Built-in Functions
13//! - `hasRole('ROLE')` - Check if user has the specified role
14//! - `hasAnyRole('ROLE1', 'ROLE2')` - Check if user has any of the roles
15//! - `hasAuthority('AUTH')` - Check if user has the specified authority
16//! - `hasAnyAuthority('AUTH1', 'AUTH2')` - Check if user has any authority
17//! - `isAuthenticated()` - Check if user is authenticated
18//! - `permitAll()` - Always returns true
19//! - `denyAll()` - Always returns false
20//!
21//! ## Operators
22//! - `AND` / `and` / `&&` - Logical AND
23//! - `OR` / `or` / `||` - Logical OR
24//! - `NOT` / `not` / `!` - Logical NOT
25//! - `(` `)` - Grouping
26//!
27//! # Examples
28//! ```ignore
29//! use actix_security_core::http::security::expression::SecurityExpression;
30//!
31//! let expr = SecurityExpression::parse("hasRole('ADMIN') OR hasAuthority('users:write')")?;
32//! let result = expr.evaluate(&user);
33//! ```
34//!
35//! # Extensibility
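36//! Custom expressions can be added by implementing the `ExpressionRoot` trait. The example below handles its own function names and delegates every other name to `DefaultExpressionRoot`: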
37//!
38//! ```ignore
39//! use actix_security_core::http::security::expression::{ExpressionRoot, DefaultExpressionRoot};
40//! use actix_security_core::http::security::User;
41//!
42//! struct CustomExpressionRoot {
43//! default: DefaultExpressionRoot,
44//! }
45//!
46//! impl ExpressionRoot for CustomExpressionRoot {
47//! fn evaluate_function(&self, name: &str, args: &[String], user: Option<&User>) -> Option<bool> {
48//! match name {
49//! "isAdmin" => Some(user.map_or(false, |u| u.has_role("ADMIN"))),
50//! "hasIpAddress" => {
51//! // Placeholder for the real IP check; as written it returns true for every caller, so replace it before use.
52//! Some(true)
53//! }
54//! _ => self.default.evaluate_function(name, args, user),
55//! }
56//! }
57//! }
58//! ```
59
60mod ast;
61mod evaluator;
62mod parser;
63mod root;
64
65pub use ast::{BinaryOp, Expression, UnaryOp};
66pub use evaluator::ExpressionEvaluator;
67pub use parser::{ParseError, SecurityExpression};
68pub use root::{DefaultExpressionRoot, ExpressionRoot};
69
70#[cfg(test)]
71mod tests;