
adk_auth/
error.rs

1//! Error types for adk-auth.
2
3use thiserror::Error;
4
/// Authorization failure: a named user lacks a named permission.
///
/// The `Display` text is produced by the `#[error]` attribute below and
/// embeds both fields verbatim, with no escaping or truncation.
// NOTE(review): if `user` or `permission` can originate from request data,
// log sinks that print this error should escape control characters so a
// crafted value cannot split or forge log lines. Confirm where these values
// come from at the call sites.
#[derive(Debug, Clone, Error)]
#[error("Access denied: user '{user}' cannot access {permission}")]
pub struct AccessDenied {
    /// Identifier of the user whose request was refused.
    pub user: String,
    /// Name of the permission the user did not hold.
    pub permission: String,
}
14
impl AccessDenied {
    /// Builds an [`AccessDenied`] from anything convertible into `String`.
    ///
    /// Both arguments are stored as given; no validation or normalisation
    /// is applied here.
    pub fn new(user: impl Into<String>, permission: impl Into<String>) -> Self {
        let user = user.into();
        let permission = permission.into();
        Self { user, permission }
    }
}
21
/// Top-level error type for the auth crate.
///
/// Every variant's `Display` text interpolates its payload unmodified, so
/// the rendered message carries whatever identifier or lower-level error
/// text the payload holds.
#[derive(Debug, Error)]
pub enum AuthError {
    /// An authorization check failed. `transparent` forwards `Display` and
    /// `source()` to the wrapped [`AccessDenied`]; `#[from]` lets `?` convert it.
    #[error(transparent)]
    AccessDenied(#[from] AccessDenied),

    /// The named role does not exist. The payload is echoed in the message.
    #[error("Role not found: {0}")]
    RoleNotFound(String),

    /// The named user does not exist. The payload is echoed in the message.
    // NOTE(review): this and `RoleNotFound` tell a caller which lookup
    // failed; decide at the API boundary whether that distinction should be
    // visible to unauthenticated callers.
    #[error("User not found: {0}")]
    UserNotFound(String),

    /// Recording or reading the audit trail failed; the payload is free text.
    #[error("Audit error: {0}")]
    AuditError(String),

    /// I/O failure (for file-based audit). `#[from]` lets `?` convert a
    /// `std::io::Error`, whose `Display` text is included in the message.
    #[error("IO error: {0}")]
    IoError(#[from] std::io::Error),
}
45
impl From<AuthError> for adk_core::AdkError {
    /// Maps an [`AuthError`] onto the crate-wide error type.
    ///
    /// Each variant gets a fixed category and code; the message is the
    /// error's own `Display` text and the original error is attached as the
    /// source.
    fn from(err: AuthError) -> Self {
        use adk_core::{ErrorCategory, ErrorComponent};

        // Render the message up front; `err` itself is moved into
        // `with_source` at the end.
        let message = err.to_string();

        // NOTE(review): `message` embeds user/role identifiers and I/O error
        // text. If `AdkError` messages are returned to remote callers rather
        // than only logged, consider exposing just `code` externally. Confirm
        // how adk_core surfaces the message.
        let (category, code) = match &err {
            AuthError::AccessDenied(_) => (ErrorCategory::Forbidden, "auth.access_denied"),
            AuthError::RoleNotFound(_) => (ErrorCategory::NotFound, "auth.role_not_found"),
            AuthError::UserNotFound(_) => (ErrorCategory::NotFound, "auth.user_not_found"),
            AuthError::AuditError(_) => (ErrorCategory::Internal, "auth.audit"),
            AuthError::IoError(_) => (ErrorCategory::Internal, "auth.io"),
        };

        let converted = Self::new(ErrorComponent::Auth, category, code, message);
        converted.with_source(err)
    }
}