Expand description
§An authorization library with json-based policy definition.
Define your authorization rules in a simple Identity
(I), Operation
(O),
Resource
(R) model. Evaluate requests against your policy rules.
Supports the following customizations:
- variable rules and custom variables,
- custom resource matching,
- custom validation,
- default decision if no rules match.
§Examples
use allow_me::{Decision, PolicyBuilder, Request};
let json = r#"{
"statements": [
{
"effect": "allow",
"identities": [
"actor_a"
],
"operations": [
"write"
],
"resources": [
"resource_1"
]
}
]
}"#;
// Construct the policy.
let policy = PolicyBuilder::from_json(json).build().unwrap();
// Prepare request (e.g. from user input).
let request = Request::new("actor_a", "write", "resource_1").unwrap();
// Evaluate the request.
match policy.evaluate(&request).unwrap() {
Decision::Allowed => println!("Allowed"),
Decision::Denied => {
panic!("Denied!")
}
};
See more in Examples folder.
Re-exports§
pub use crate::matcher::ResourceMatcher;
Modules§
Structs§
- Default implementation of
Substituter
. It supports several useful variables: - Provides basic validation that policy definition elements are not empty.
- Policy engine. Represents a read-only set of rules and can evaluate
Request
based on those rules. - A policy builder, responsible for parsing policy definition and constructing
Policy
struct. - Represents a deserialized policy definition.
- Represents a request that needs to be evaluated by
Policy
engine. - Represents a statement in a policy definition.
- A simple iterator that returns all occurrences of variable substrings like
{{var_name}}
in the provided string value. Can be used in your customSubstituter
implementation.
Enums§
- Represents a decision on the
Request
to thePolicy
engine. - Represents an effect on a statement.
Traits§
- Trait to extend
PolicyBuilder
validation for policy definition. - Trait to extend
Policy
variable rules resolution.
Type Aliases§
- A specialized
Result
type for policy engine operations.