Permission

auth_framework::authorization_enhanced

Struct Permission 

Source 
pub struct Permission { /* private fields */ }
Expand description

A permission represents an action that can be performed on a resource type.

Permissions follow the format “action:resource” or “action:resource:instance” Examples:

  • “read:documents” - Read any document
  • “read:documents:doc123” - Read specific document doc123
  • “admin:users” - Admin access to users
  • “admin:users:user456” - Admin access to specific user

Special permissions:

  • :” grants all permissions (super admin)
  • “action:*” grants all actions on any resource
  • “*:resource” grants any action on a specific resource
  • “action:resource:*” grants action on any instance of resource

Implementations§

Source§

impl Permission

Source

pub fn new( action: impl Into<String>, resource_type: impl Into<String>, ) -> Permission

Create a new permission for an action on a resource type.

Source

pub fn try_new( action: impl Into<String>, resource_type: impl Into<String>, ) -> Result<Permission, Error>

Try to create a new permission, returning an error if validation fails.

Source

pub fn with_instance( action: impl Into<String>, resource_type: impl Into<String>, instance: impl Into<String>, ) -> Permission

Create a new permission for an action on a specific resource instance.

Source

pub fn with_condition<F>( action: impl Into<String>, resource_type: impl Into<String>, condition: F, ) -> Permission
where F: Fn(&HashMap<String, String>) -> bool + Send + Sync + 'static,

Create a permission with a conditional validator.

Source

pub fn with_instance_and_condition<F>( action: impl Into<String>, resource_type: impl Into<String>, instance: impl Into<String>, condition: F, ) -> Permission
where F: Fn(&HashMap<String, String>) -> bool + Send + Sync + 'static,

Create a permission with both instance and condition.

Source

pub fn wildcard(resource_type: impl Into<String>) -> Permission

Create a wildcard permission that grants access to all actions on a resource type.

Source

pub fn super_admin() -> Permission

Create a super-admin permission that grants access to everything.

Source

pub fn with_context( resource_type: impl Into<String>, action: impl Into<String>, context: Option<impl Into<String>>, ) -> Permission

Create a permission with enhanced context awareness.

§Example
use role_system::permission::Permission;
let perm = Permission::with_context("users", "read", Some("own_data"));
Source

pub fn with_scope( resource_type: impl Into<String>, action: impl Into<String>, scopes: Vec<impl Into<String>>, ) -> Vec<Permission>

Create a permission with multiple scopes/actions.

§Example
use role_system::permission::Permission;
let perms = Permission::with_scope("users", "read", vec!["profile", "preferences"]);
Source

pub fn conditional( resource_type: impl Into<String>, action: impl Into<String>, ) -> ConditionalPermissionBuilder

Create a conditional permission that depends on context.

§Example
use role_system::permission::Permission;
let perm = Permission::conditional("users", "update")
    .when(|context| context.get("user_id") == context.get("target_id"));
Source

pub fn action(&self) -> &str

Get the action this permission grants.

Source

pub fn resource_type(&self) -> &str

Get the resource type this permission applies to.

Source

pub fn instance(&self) -> Option<&str>

Get the specific instance this permission applies to, if any.

Source

pub fn matches(&self, action: &str, resource_type: &str) -> bool

Check if this permission matches the given action and resource type. For backward compatibility, this doesn’t consider instances.

Source

pub fn matches_with_instance( &self, action: &str, resource_type: &str, instance: Option<&str>, ) -> bool

Check if this permission matches the given action, resource type, and optional instance.

Source

pub fn implies(&self, other: &Permission) -> bool

Check if this permission implies another permission. A permission implies another if it grants equal or greater access.

Examples:

  • “read:documents” implies “read:documents:doc123”
  • “admin:*” implies “admin:users”
  • :” implies any permission
  • “read:documents:*” implies “read:documents:doc123”
Source

pub fn is_granted( &self, action: &str, resource_type: &str, context: &HashMap<String, String>, ) -> bool

Check if this permission is granted given the context.

Source

pub fn parse(permission_str: &str) -> Result<Permission, Error>

Parse a permission from a string format like “action:resource_type” or “action:resource_type:instance”.

Trait Implementations§

Source§

impl Clone for Permission

Source§

fn clone(&self) -> Permission

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Permission

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for Permission

Source§

fn deserialize<__D>( __deserializer: __D, ) -> Result<Permission, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for Permission

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl FromStr for Permission

Source§

type Err = Error

The associated error which can be returned from parsing.
Source§

fn from_str(s: &str) -> Result<Permission, Error>

Parses a string s to return a value of this type. Read more
Source§

impl Hash for Permission

Source§

fn hash<H>(&self, state: &mut H)
where H: Hasher,

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for Permission

Source§

fn eq(&self, other: &Permission) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for Permission

Source§

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for Permission

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T> ToStringFallible for T
where T: Display,

Source§

fn try_to_string(&self) -> Result<String, TryReserveError>

ToString::to_string, but without panic on OOM.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,