default_deny/
default_deny.rs

1use auth_policy::{
2    decision::{Decision, Effect},
3    engine::PolicyEngine,
4    policy::{Policy, Target},
5    request::Request,
6};
7
/// Demonstrates how the engine treats a request that no policy matches:
/// first with the built-in default (deny), then with the default effect
/// overridden to `Effect::Permit`.
///
/// # Errors
///
/// Propagates any error returned by the policy builder or by
/// `PolicyEngine::evaluate`.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // The only policy in the strict engine permits "document:write".
    let allow_write = Policy::builder("allow-write")
        .target(Target::action("document:write"))
        .effect(Effect::Permit)
        .build()?;
    let strict_engine = PolicyEngine::from_policies([allow_write]);

    // A read is not covered by the write-only policy, so the engine falls
    // back to its default effect. No policy targets "document:read", so the
    // request is denied (fail-closed).
    let attributed_read = Request::new()
        .action("document:read")
        .actor_attr("id", "user-123");

    let strict_outcome = strict_engine.evaluate(&attributed_read)?;
    println!("decision: {:?}", strict_outcome);
    assert_eq!(strict_outcome, Decision::Deny);

    // Overriding the default effect to Permit makes the engine fail-open:
    // with an empty policy set every request is unmatched, and every
    // unmatched request is allowed. A missing, misnamed or not-yet-written
    // policy then grants access instead of refusing it. Keep the deny
    // default for anything that guards real resources, and express access
    // through explicit permit policies.
    let no_policies: Vec<Policy> = Vec::new();
    let permissive_engine =
        PolicyEngine::from_policies(no_policies).with_default_effect(Effect::Permit);

    let bare_read = Request::new().action("document:read");
    let permissive_outcome = permissive_engine.evaluate(&bare_read)?;
    println!("permissive decision: {:?}", permissive_outcome);
    assert_eq!(permissive_outcome, Decision::Permit);

    Ok(())
}