
AuthorizationManager

Struct AuthorizationManager 

pub struct AuthorizationManager { /* private fields */ }

Authorization manager that owns the PermissionChecker and exposes all role and permission operations for delegation from AuthFramework.

§Example

use auth_framework::auth_modular::AuthorizationManager;
let am = AuthorizationManager::new(checker.clone(), storage.clone());
am.create_default_roles().await;

Implementations§


impl AuthorizationManager


pub fn new( checker: Arc<RwLock<PermissionChecker>>, storage: Arc<dyn AuthStorage>, ) -> Self

Create a new authorization manager.

§Example
let am = AuthorizationManager::new(checker.clone(), storage.clone());

pub async fn create_default_roles(&self)

Initialize the default roles in the permission checker (called during framework init).

§Example
am.create_default_roles().await;

pub async fn load_persisted_roles(&self) -> Result<()>

Load persisted roles and user→role assignments from KV storage into the in-memory permission checker. This is called during framework initialization, after create_default_roles, so that previously persisted state survives process restarts.

§Example
am.load_persisted_roles().await?;

pub async fn reset_runtime_state(&self)

Reset runtime authorization state back to the default role set.

§Example
am.reset_runtime_state().await;

pub async fn grant_permission( &self, user_id: &str, action: &str, resource: &str, ) -> Result<()>

Grant a direct permission to a user.

§Example
am.grant_permission("user-1", "read", "documents").await?;

pub async fn revoke_permission( &self, user_id: &str, action: &str, resource: &str, ) -> Result<()>

Revoke a direct permission from a user.

§Example
am.revoke_permission("user-1", "read", "documents").await?;

pub async fn create_role(&self, role: Role) -> Result<()>

Create (register) a new role.

§Example
use auth_framework::permissions::Role;
am.create_role(Role::new("editor")).await?;

pub async fn list_roles(&self) -> Vec<Role>

Return all known roles.

§Example
let roles = am.list_roles().await;
for r in &roles { println!("{}", r.name); }

pub async fn get_role(&self, role_name: &str) -> Result<Role>

Fetch a role definition by name.

§Example
let role = am.get_role("admin").await?;
println!("permissions: {:?}", role.permissions());

pub async fn add_role_permission( &self, role_name: &str, permission: Permission, ) -> Result<()>

Add a permission to an existing role.

§Example
use auth_framework::permissions::Permission;
am.add_role_permission("editor", Permission::new("write", "posts")).await?;

pub async fn assign_role(&self, user_id: &str, role_name: &str) -> Result<()>

Assign a role to a user.

§Example
am.assign_role("user-1", "editor").await?;

pub async fn remove_role(&self, user_id: &str, role_name: &str) -> Result<()>

Remove a role from a user.

§Example
am.remove_role("user-1", "editor").await?;

pub async fn set_role_inheritance( &self, child_role: &str, parent_role: &str, ) -> Result<()>

Set role inheritance (child_role inherits all permissions from parent_role).

§Example
am.set_role_inheritance("moderator", "user").await?;

pub async fn check_token_permission( &self, token: &AuthToken, action: &str, resource: &str, ) -> Result<bool>

Check if a token has a specific direct permission.

This method does not validate the token itself: the caller must verify the token’s signature and expiry before calling it, otherwise the permission result is computed for an unverified token.

§Example
let allowed = am.check_token_permission(&token, "read", "users").await?;

pub async fn check_user_permission( &self, user_id: &str, action: &str, resource: &str, ) -> bool

Check if a user (by ID) has a specific permission (ABAC/RBAC evaluation).

§Example
if am.check_user_permission("user-1", "write", "posts").await {
    println!("allowed");
}

pub async fn user_has_role( &self, user_id: &str, role_name: &str, ) -> Result<bool>

Check whether a user currently holds a named role.

§Example
let is_admin = am.user_has_role("user-1", "admin").await?;

pub async fn get_effective_permissions( &self, user_id: &str, ) -> Result<Vec<String>>

Get all effective permissions for a user (direct + role-inherited).

§Example
let perms = am.get_effective_permissions("user-1").await?;
for p in &perms { println!("{}", p); }

pub async fn list_user_roles(&self, user_id: &str) -> Result<Vec<String>>

List the currently assigned runtime roles for a user.

§Example
let roles = am.list_user_roles("user-1").await?;

pub async fn get_metrics(&self) -> (usize, usize, usize)

Get raw permission metrics: (role_count, user_count, total_direct_permission_count).

§Example
let (roles, users, perms) = am.get_metrics().await;

pub async fn create_abac_policy( &self, name: &str, description: &str, ) -> Result<()>

Create or overwrite an ABAC policy record in storage.

§Example
am.create_abac_policy("time-restricted", "Business hours only").await?;

pub async fn map_user_attribute( &self, user_id: &str, attribute: &str, value: &str, ) -> Result<()>

Store a user attribute used in ABAC policy evaluation.

§Example
am.map_user_attribute("user-1", "department", "engineering").await?;

pub async fn get_user_attribute( &self, user_id: &str, attribute: &str, ) -> Result<Option<String>>

Retrieve a single user attribute.

§Example
let dept = am.get_user_attribute("user-1", "department").await?;

pub async fn check_dynamic_permission( &self, user_id: &str, action: &str, resource: &str, context: HashMap<String, String>, ) -> Result<bool>

Evaluate a permission request with full ABAC context.

§Example
use std::collections::HashMap;
let mut ctx = HashMap::new();
ctx.insert("time_restriction".into(), "business_hours".into());
let ok = am.check_dynamic_permission("user-1", "read", "reports", ctx).await?;

pub async fn create_resource(&self, resource: &str) -> Result<()>

Register a resource in the permission system.

§Example
am.create_resource("documents").await?;

pub async fn delegate_permission( &self, delegator_id: &str, delegatee_id: &str, action: &str, resource: &str, duration: Duration, ) -> Result<()>

Delegate a permission from one user to another for a limited duration.

§Example
am.delegate_permission(
    "admin-1", "user-2", "read", "reports",
    std::time::Duration::from_secs(3600),
).await?;

pub async fn get_active_delegations(&self, user_id: &str) -> Result<Vec<String>>

List currently active permission delegations for a user (as delegatee).

§Example
let delegations = am.get_active_delegations("user-2").await?;

pub async fn get_permission_metrics( &self, active_sessions: u64, permission_checks_last_hour: u64, ) -> Result<HashMap<String, u64>>

Assemble aggregated permission metrics.

active_sessions and permission_checks_last_hour are supplied by the caller so that the manager remains independent of the session and audit subsystems.

§Example
let metrics = am.get_permission_metrics(42, 1000).await?;
println!("total_roles: {}", metrics["total_roles"]);

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,


fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>


impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,


fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>


impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T> Instrument for T


fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> IntoEither for T


fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

impl<T> Pointable for T


const ALIGN: usize

The alignment of the pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a value with the given initializer. Read more

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more

impl<T> PolicyExt for T
where T: ?Sized,


fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T


type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,


fn vzip(self) -> V


impl<T> WithSubscriber for T


fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more