pub fn is_allowed_in(
entries: &[String],
identity: &str,
policy: MatchPolicy<'_>,
) -> boolExpand description
Stateless allowlist check: returns true when identity is admitted by
entries under policy. Holds no state — the caller passes the entries
(typically resolved from a canonical config source per call), so this
satisfies single-source-of-truth invariants that forbid caching the
allowlist in a long-lived field.
Semantics are identical to AllowlistAspect::is_allowed: an empty list
denies everyone; any "*" entry admits everyone; otherwise the
(possibly normalized / custom-matched) identity must match some entry.