Struct Policy

Source

pub struct Policy { /* private fields */ }

Implementations§

Source §

impl Policy

Source

pub fn builder(id: impl Into<String>) -> PolicyBuilder

Examples found in repository ?

examples/basic.rs (line 9)

8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    let policy = Policy::builder("document-read")
10        .target(Target::action("document:read"))
11        .condition(Condition::equals("resource.owner_id", "actor.id"))
12        .effect(Effect::Permit)
13        .build()?;
14
15    let engine = PolicyEngine::from_policies([policy]);
16
17    let request = Request::new()
18        .action("document:read")
19        .actor_attr("id", "user-123")
20        .resource_attr("owner_id", "user-123");
21
22    let decision = engine.evaluate(&request)?;
23    println!("decision: {:?}", decision);
24    assert_eq!(decision, Decision::Permit);
25
26    Ok(())
27}

More examples

Hide additional examples

examples/default_deny.rs (line 10)

8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    // Engine denies by default when no policy matches.
10    let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11        .target(Target::action("document:write"))
12        .effect(Effect::Permit)
13        .build()?]);
14
15    let read_request = Request::new()
16        .action("document:read")
17        .actor_attr("id", "user-123");
18
19    let decision = engine.evaluate(&read_request)?;
20    println!("decision: {:?}", decision);
21    assert_eq!(decision, Decision::Deny);
22
23    // Override the default effect to allow unmatched requests.
24    let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25        .with_default_effect(Effect::Permit);
26
27    let read_request = Request::new().action("document:read");
28    let decision = permissive_engine.evaluate(&read_request)?;
29    println!("permissive decision: {:?}", decision);
30    assert_eq!(decision, Decision::Permit);
31
32    Ok(())
33}