Crate allow_me


§An authorization library with JSON-based policy definition.

Define your authorization rules in a simple Identity (I), Operation (O), Resource (R) model. Evaluate requests against your policy rules.

Supports the following customizations:

  • variable rules and custom variables,
  • custom resource matching,
  • custom validation,
  • default decision if no rules match.

§Examples

use allow_me::{Decision, PolicyBuilder, Request};

let json = r#"{
    "statements": [
        {
            "effect": "allow",
            "identities": [
                "actor_a"
            ],
            "operations": [
                "write"
            ],
            "resources": [
                "resource_1"
            ]
        }
    ]
}"#;

// Construct the policy.
let policy = PolicyBuilder::from_json(json).build().unwrap();

// Prepare request (e.g. from user input).
let request = Request::new("actor_a", "write", "resource_1").unwrap();

// Evaluate the request.
match policy.evaluate(&request).unwrap() {
    Decision::Allowed => println!("Allowed"),
    Decision::Denied => {
        panic!("Denied!")
    }
};

See more in the Examples folder.
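The example above only exercises the allow path. The following std-only sketch is an added illustration, not code from the allow_me crate: it models Identity/Operation/Resource matching and shows what a request gets when a deny statement matches or when no statement matches and the default decision applies. The types and functions are local to this sketch, and the rule that a matching deny overrides a matching allow is an assumption of the sketch, not documented crate behavior.

```rust
// Added illustration, not allow_me source: a std-only model of I/O/R evaluation.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Effect { Allow, Deny }

#[derive(Clone, Copy, Debug, PartialEq)]
enum Decision { Allowed, Denied }

struct Statement {
    effect: Effect,
    identities: Vec<&'static str>,
    operations: Vec<&'static str>,
    resources: Vec<&'static str>,
}

impl Statement {
    // A statement applies only if identity, operation and resource are all listed.
    fn matches(&self, id: &str, op: &str, res: &str) -> bool {
        self.identities.iter().any(|i| *i == id)
            && self.operations.iter().any(|o| *o == op)
            && self.resources.iter().any(|r| *r == res)
    }
}

// Assumption of this sketch: a matching deny overrides any matching allow.
// `default` is returned only when no statement matches the request.
fn evaluate(policy: &[Statement], default: Decision, id: &str, op: &str, res: &str) -> Decision {
    let mut allowed = false;
    for s in policy.iter().filter(|s| s.matches(id, op, res)) {
        match s.effect {
            Effect::Deny => return Decision::Denied,
            Effect::Allow => allowed = true,
        }
    }
    if allowed { Decision::Allowed } else { default }
}

// Constructed sample policy: a broad allow plus a narrower deny for actor_a.
fn sample_policy() -> Vec<Statement> {
    vec![
        Statement { effect: Effect::Allow, identities: vec!["actor_a"],
            operations: vec!["read", "write"], resources: vec!["resource_1", "resource_2"] },
        Statement { effect: Effect::Deny, identities: vec!["actor_a"],
            operations: vec!["write"], resources: vec!["resource_2"] },
    ]
}

fn main() {
    let p = sample_policy();
    for (id, op, res) in [("actor_a", "write", "resource_1"), ("actor_a", "write", "resource_2"),
                          ("actor_b", "write", "resource_1")] {
        println!("{id} {op} {res}: {:?}", evaluate(&p, Decision::Denied, id, op, res));
    }
}
```

With a default of `Denied`, the unknown `actor_b` is refused; passing `Decision::Allowed` as the default would let the same unmatched request through, which is why the default decision deserves an explicit choice.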

Re-exports§

Modules§

Structs§

  • Default implementation of Substituter. It supports several useful variables:
  • Provides basic validation that policy definition elements are not empty.
  • Policy engine. Represents a read-only set of rules and can evaluate Request based on those rules.
  • A policy builder, responsible for parsing policy definition and constructing Policy struct.
  • Represents a deserialized policy definition.
  • Represents a request that needs to be evaluated by Policy engine.
  • Represents a statement in a policy definition.
  • A simple iterator that returns all occurrences of variable substrings like {{var_name}} in the provided string value. Can be used in your custom Substituter implementation.

Enums§

  • Represents a decision on the Request to the Policy engine.
  • Represents an effect on a statement.

Traits§

Type Aliases§

  • A specialized Result type for policy engine operations.