allow_me/lib.rs
1//! # An authorization library with json-based policy definition.
2//! Define your authorization rules in a simple `Identity` (I), `Operation` (O),
3//! `Resource` (R) model. Evaluate requests against your policy rules.
4//!
5//! Supports the following customizations:
6//! * variable rules and custom variables,
7//! * custom resource matching,
8//! * custom validation,
9//! * default decision if no rules match.
10//!
11//! ## Examples
12//!
13//! ```rust
14//! use allow_me::{Decision, PolicyBuilder, Request};
15//!
16//! let json = r#"{
17//! "statements": [
18//! {
19//! "effect": "allow",
20//! "identities": [
21//! "actor_a"
22//! ],
23//! "operations": [
24//! "write"
25//! ],
26//! "resources": [
27//! "resource_1"
28//! ]
29//! }
30//! ]
31//! }"#;
32//!
33//! // Construct the policy.
34//! let policy = PolicyBuilder::from_json(json).build().unwrap();
35//!
36//! // Prepare request (e.g. from user input).
37//! let request = Request::new("actor_a", "write", "resource_1").unwrap();
38//!
39//! // Evaluate the request.
40//! match policy.evaluate(&request).unwrap() {
41//! Decision::Allowed => println!("Allowed"),
42//! Decision::Denied => {
43//! panic!("Denied!")
44//! }
45//! };
46//! ```
47//!
48//! See more in Examples folder.
49//!
50
51#![deny(rust_2018_idioms, warnings)]
52#![deny(clippy::all, clippy::pedantic)]
53#![allow(
54 clippy::module_name_repetitions,
55 clippy::must_use_candidate,
56 clippy::missing_errors_doc
57)]
58
59mod core;
60mod errors;
61pub mod matcher;
62mod substituter;
63mod validator;
64
65pub use crate::core::{Decision, Effect, Policy, Request};
66pub use crate::core::{PolicyBuilder, PolicyDefinition, Statement};
67pub use crate::errors::{Error, Result};
68pub use crate::matcher::ResourceMatcher;
69pub use crate::substituter::{DefaultSubstituter, Substituter, VariableIter};
70pub use crate::validator::{DefaultValidator, PolicyValidator};