Struct PermissionChecker 

pub struct PermissionChecker { /* private fields */ }

Permission checker for validating access rights.

Implementations

impl PermissionChecker

pub fn check_advanced_permission( &self, user_id: &str, permission: &Permission, user_attributes: &HashMap<String, Value>, abac_policy: Option<&AbacPolicy>, delegations: Option<&[Delegation]>, role_resolver: &dyn Fn(&str) -> Option<Role>, ) -> bool

Check permission for a user with ABAC and delegation support.

pub fn check_abac( &self, user_attributes: &HashMap<String, Value>, permission: &Permission, abac_policy: &AbacPolicy, ) -> bool

Check permission with ABAC policy

pub fn check_delegation( &self, user_id: &str, permission: &Permission, delegations: &[Delegation], ) -> bool

Check permission with delegation

impl PermissionChecker

pub fn new() -> Self

Create a new permission checker.

pub fn add_role(&mut self, role: Role)

Add a role definition.

pub fn remove_role(&mut self, role_name: &str)

Remove a role definition.

pub fn get_role(&self, role_name: &str) -> Option<&Role>

Get a role by name.

pub fn set_user_permissions(&mut self, user_permissions: UserPermissions)

Set user permissions.

pub fn get_user_permissions(&self, user_id: &str) -> Option<&UserPermissions>

Get user permissions.

pub fn get_user_permissions_mut( &mut self, user_id: &str, ) -> Option<&mut UserPermissions>

Get mutable user permissions.

pub fn add_user_permission(&mut self, user_id: &str, permission: Permission)

Add a permission to a user.

pub fn add_user_role(&mut self, user_id: &str, role: impl Into<String>)

Add a role to a user.

pub fn check_permission( &mut self, user_id: &str, permission: &Permission, ) -> Result<bool>

Check if a user has a specific permission.

pub fn check_access( &mut self, user_id: &str, action: &str, resource: &str, ) -> Result<bool>

Check if a user has permission for a specific action on a resource.

pub fn check_instance_access( &mut self, user_id: &str, action: &str, resource: &str, instance: &str, ) -> Result<bool>

Check if a user has permission for a specific action on a resource instance.

pub fn check_token_permission( &mut self, token: &AuthToken, permission: &Permission, ) -> Result<bool>

Check permission from an auth token.

pub fn add_resource_hierarchy(&mut self, parent: String, children: Vec<String>)

Add resource hierarchy relationship

pub fn get_child_resources(&self, parent: &str) -> Option<&Vec<String>>

Get child resources for a parent resource

pub fn check_hierarchical_permission( &mut self, user_id: &str, action: &str, resource: &str, ) -> Result<bool>

Check hierarchical permission - if user has permission on parent, they have it on children

pub fn create_default_roles(&mut self)

Create some default roles for common use cases.

pub fn load_permissions(&mut self, _config: &str) -> Result<()>

Load permissions from a configuration or database.

pub fn assign_role_to_user( &mut self, user_id: &str, role_name: &str, ) -> Result<()>

Assign a role to a user.

pub fn set_role_inheritance( &mut self, child_role: &str, parent_role: &str, ) -> Result<()>

Set role inheritance relationship.

pub fn remove_user_permission(&mut self, user_id: &str, permission: &Permission)

Remove a permission from a user.

pub fn user_has_role(&self, user_id: &str, role_name: &str) -> bool

Check if a user has a specific role.

pub fn get_effective_permissions(&self, user_id: &str) -> Vec<String>

Get effective permissions for a user (including role-based permissions).

Trait Implementations

impl Clone for PermissionChecker

fn clone(&self) -> PermissionChecker

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PermissionChecker

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PermissionChecker

fn default() -> Self

Returns the “default value” for a type.