PolicyBuilder

auth_policy::policy

Struct PolicyBuilder 

Source 
pub struct PolicyBuilder { /* private fields */ }

Implementations§

Source§

impl PolicyBuilder

Source

pub fn target(self, target: Target) -> Self

Examples found in repository?
examples/basic.rs (line 10)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    let policy = Policy::builder("document-read")
10        .target(Target::action("document:read"))
11        .condition(Condition::equals("resource.owner_id", "actor.id"))
12        .effect(Effect::Permit)
13        .build()?;
14
15    let engine = PolicyEngine::from_policies([policy]);
16
17    let request = Request::new()
18        .action("document:read")
19        .actor_attr("id", "user-123")
20        .resource_attr("owner_id", "user-123");
21
22    let decision = engine.evaluate(&request)?;
23    println!("decision: {:?}", decision);
24    assert_eq!(decision, Decision::Permit);
25
26    Ok(())
27}
More examples
Hide additional examples
examples/default_deny.rs (line 11)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    // Engine denies by default when no policy matches.
10    let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11        .target(Target::action("document:write"))
12        .effect(Effect::Permit)
13        .build()?]);
14
15    let read_request = Request::new()
16        .action("document:read")
17        .actor_attr("id", "user-123");
18
19    let decision = engine.evaluate(&read_request)?;
20    println!("decision: {:?}", decision);
21    assert_eq!(decision, Decision::Deny);
22
23    // Override the default effect to allow unmatched requests.
24    let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25        .with_default_effect(Effect::Permit);
26
27    let read_request = Request::new().action("document:read");
28    let decision = permissive_engine.evaluate(&read_request)?;
29    println!("permissive decision: {:?}", decision);
30    assert_eq!(decision, Decision::Permit);
31
32    Ok(())
33}
Source

pub fn condition(self, condition: Condition) -> Self

Examples found in repository?
examples/basic.rs (line 11)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    let policy = Policy::builder("document-read")
10        .target(Target::action("document:read"))
11        .condition(Condition::equals("resource.owner_id", "actor.id"))
12        .effect(Effect::Permit)
13        .build()?;
14
15    let engine = PolicyEngine::from_policies([policy]);
16
17    let request = Request::new()
18        .action("document:read")
19        .actor_attr("id", "user-123")
20        .resource_attr("owner_id", "user-123");
21
22    let decision = engine.evaluate(&request)?;
23    println!("decision: {:?}", decision);
24    assert_eq!(decision, Decision::Permit);
25
26    Ok(())
27}
Source

pub fn effect(self, effect: Effect) -> Self

Examples found in repository?
examples/basic.rs (line 12)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    let policy = Policy::builder("document-read")
10        .target(Target::action("document:read"))
11        .condition(Condition::equals("resource.owner_id", "actor.id"))
12        .effect(Effect::Permit)
13        .build()?;
14
15    let engine = PolicyEngine::from_policies([policy]);
16
17    let request = Request::new()
18        .action("document:read")
19        .actor_attr("id", "user-123")
20        .resource_attr("owner_id", "user-123");
21
22    let decision = engine.evaluate(&request)?;
23    println!("decision: {:?}", decision);
24    assert_eq!(decision, Decision::Permit);
25
26    Ok(())
27}
More examples
Hide additional examples
examples/default_deny.rs (line 12)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    // Engine denies by default when no policy matches.
10    let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11        .target(Target::action("document:write"))
12        .effect(Effect::Permit)
13        .build()?]);
14
15    let read_request = Request::new()
16        .action("document:read")
17        .actor_attr("id", "user-123");
18
19    let decision = engine.evaluate(&read_request)?;
20    println!("decision: {:?}", decision);
21    assert_eq!(decision, Decision::Deny);
22
23    // Override the default effect to allow unmatched requests.
24    let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25        .with_default_effect(Effect::Permit);
26
27    let read_request = Request::new().action("document:read");
28    let decision = permissive_engine.evaluate(&read_request)?;
29    println!("permissive decision: {:?}", decision);
30    assert_eq!(decision, Decision::Permit);
31
32    Ok(())
33}
Source

pub fn build(self) -> Result<Policy>

Examples found in repository?
examples/basic.rs (line 13)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    let policy = Policy::builder("document-read")
10        .target(Target::action("document:read"))
11        .condition(Condition::equals("resource.owner_id", "actor.id"))
12        .effect(Effect::Permit)
13        .build()?;
14
15    let engine = PolicyEngine::from_policies([policy]);
16
17    let request = Request::new()
18        .action("document:read")
19        .actor_attr("id", "user-123")
20        .resource_attr("owner_id", "user-123");
21
22    let decision = engine.evaluate(&request)?;
23    println!("decision: {:?}", decision);
24    assert_eq!(decision, Decision::Permit);
25
26    Ok(())
27}
More examples
Hide additional examples
examples/default_deny.rs (line 13)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9    // Engine denies by default when no policy matches.
10    let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11        .target(Target::action("document:write"))
12        .effect(Effect::Permit)
13        .build()?]);
14
15    let read_request = Request::new()
16        .action("document:read")
17        .actor_attr("id", "user-123");
18
19    let decision = engine.evaluate(&read_request)?;
20    println!("decision: {:?}", decision);
21    assert_eq!(decision, Decision::Deny);
22
23    // Override the default effect to allow unmatched requests.
24    let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25        .with_default_effect(Effect::Permit);
26
27    let read_request = Request::new().action("document:read");
28    let decision = permissive_engine.evaluate(&read_request)?;
29    println!("permissive decision: {:?}", decision);
30    assert_eq!(decision, Decision::Permit);
31
32    Ok(())
33}

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.