[−][src]Crate allow_me
An authorization library with json-based policy definition.
Define your authorization rules in a simple Identity
(I), Operation
(O),
Resource
(R) model. Evaluate requests against your policy rules.
Supports the following customizations:
- variable rules and custom variables,
- custom resource matching,
- custom validation,
- default decision if no rules match.
Examples
use allow_me::{Decision, PolicyBuilder, Request}; let json = r#"{ "statements": [ { "effect": "allow", "identities": [ "actor_a" ], "operations": [ "write" ], "resources": [ "resource_1" ] } ] }"#; // Construct the policy. let policy = PolicyBuilder::from_json(json).build().unwrap(); // Prepare request (e.g. from user input). let request = Request::new("actor_a", "write", "resource_1").unwrap(); // Evaluate the request. match policy.evaluate(&request).unwrap() { Decision::Allowed => println!("Allowed"), Decision::Denied => { panic!("Denied!") } };
See more in Examples folder.
Re-exports
pub use crate::matcher::ResourceMatcher; |
Modules
matcher |
Structs
DefaultSubstituter | Default implementation of |
DefaultValidator | Provides basic validation that policy definition elements are not empty. |
Policy | Policy engine. Represents a read-only set of rules and can
evaluate |
PolicyBuilder | A policy builder, responsible for parsing policy definition
and constructing |
PolicyDefinition | Represents a deserialized policy definition. |
Request | Represents a request that needs to be evaluated by |
Statement | Represents a statement in a policy definition. |
VariableIter | A simple iterator that returns all occurrences
of variable substrings like |
Enums
Decision | Represents a decision on the |
Effect | Represents an effect on a statement. |
Error |
Traits
PolicyValidator | Trait to extend |
Substituter | Trait to extend |
Type Definitions
Result | A specialized |