pub struct Request { /* private fields */ }Expand description
Authorization request under evaluation.
Implementations§
Source§impl Request
impl Request
Sourcepub fn new() -> Self
pub fn new() -> Self
Create an empty request.
Examples found in repository?
examples/basic.rs (line 17)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 let policy = Policy::builder("document-read")
10 .target(Target::action("document:read"))
11 .condition(Condition::equals("resource.owner_id", "actor.id"))
12 .effect(Effect::Permit)
13 .build()?;
14
15 let engine = PolicyEngine::from_policies([policy]);
16
17 let request = Request::new()
18 .action("document:read")
19 .actor_attr("id", "user-123")
20 .resource_attr("owner_id", "user-123");
21
22 let decision = engine.evaluate(&request)?;
23 println!("decision: {:?}", decision);
24 assert_eq!(decision, Decision::Permit);
25
26 Ok(())
27}More examples
examples/default_deny.rs (line 15)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 // Engine denies by default when no policy matches.
10 let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11 .target(Target::action("document:write"))
12 .effect(Effect::Permit)
13 .build()?]);
14
15 let read_request = Request::new()
16 .action("document:read")
17 .actor_attr("id", "user-123");
18
19 let decision = engine.evaluate(&read_request)?;
20 println!("decision: {:?}", decision);
21 assert_eq!(decision, Decision::Deny);
22
23 // Override the default effect to allow unmatched requests.
24 let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25 .with_default_effect(Effect::Permit);
26
27 let read_request = Request::new().action("document:read");
28 let decision = permissive_engine.evaluate(&read_request)?;
29 println!("permissive decision: {:?}", decision);
30 assert_eq!(decision, Decision::Permit);
31
32 Ok(())
33}Sourcepub fn action(self, action: impl Into<String>) -> Self
pub fn action(self, action: impl Into<String>) -> Self
Set the action verb for the request.
Examples found in repository?
examples/basic.rs (line 18)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 let policy = Policy::builder("document-read")
10 .target(Target::action("document:read"))
11 .condition(Condition::equals("resource.owner_id", "actor.id"))
12 .effect(Effect::Permit)
13 .build()?;
14
15 let engine = PolicyEngine::from_policies([policy]);
16
17 let request = Request::new()
18 .action("document:read")
19 .actor_attr("id", "user-123")
20 .resource_attr("owner_id", "user-123");
21
22 let decision = engine.evaluate(&request)?;
23 println!("decision: {:?}", decision);
24 assert_eq!(decision, Decision::Permit);
25
26 Ok(())
27}More examples
examples/default_deny.rs (line 16)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 // Engine denies by default when no policy matches.
10 let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11 .target(Target::action("document:write"))
12 .effect(Effect::Permit)
13 .build()?]);
14
15 let read_request = Request::new()
16 .action("document:read")
17 .actor_attr("id", "user-123");
18
19 let decision = engine.evaluate(&read_request)?;
20 println!("decision: {:?}", decision);
21 assert_eq!(decision, Decision::Deny);
22
23 // Override the default effect to allow unmatched requests.
24 let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25 .with_default_effect(Effect::Permit);
26
27 let read_request = Request::new().action("document:read");
28 let decision = permissive_engine.evaluate(&read_request)?;
29 println!("permissive decision: {:?}", decision);
30 assert_eq!(decision, Decision::Permit);
31
32 Ok(())
33}Sourcepub fn actor_attr(
self,
key: impl Into<String>,
value: impl Into<String>,
) -> Self
pub fn actor_attr( self, key: impl Into<String>, value: impl Into<String>, ) -> Self
Add an attribute that belongs to the actor (subject) performing the request.
Examples found in repository?
examples/basic.rs (line 19)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 let policy = Policy::builder("document-read")
10 .target(Target::action("document:read"))
11 .condition(Condition::equals("resource.owner_id", "actor.id"))
12 .effect(Effect::Permit)
13 .build()?;
14
15 let engine = PolicyEngine::from_policies([policy]);
16
17 let request = Request::new()
18 .action("document:read")
19 .actor_attr("id", "user-123")
20 .resource_attr("owner_id", "user-123");
21
22 let decision = engine.evaluate(&request)?;
23 println!("decision: {:?}", decision);
24 assert_eq!(decision, Decision::Permit);
25
26 Ok(())
27}More examples
examples/default_deny.rs (line 17)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 // Engine denies by default when no policy matches.
10 let engine = PolicyEngine::from_policies([Policy::builder("allow-write")
11 .target(Target::action("document:write"))
12 .effect(Effect::Permit)
13 .build()?]);
14
15 let read_request = Request::new()
16 .action("document:read")
17 .actor_attr("id", "user-123");
18
19 let decision = engine.evaluate(&read_request)?;
20 println!("decision: {:?}", decision);
21 assert_eq!(decision, Decision::Deny);
22
23 // Override the default effect to allow unmatched requests.
24 let permissive_engine = PolicyEngine::from_policies(Vec::<Policy>::new())
25 .with_default_effect(Effect::Permit);
26
27 let read_request = Request::new().action("document:read");
28 let decision = permissive_engine.evaluate(&read_request)?;
29 println!("permissive decision: {:?}", decision);
30 assert_eq!(decision, Decision::Permit);
31
32 Ok(())
33}Sourcepub fn resource_attr(
self,
key: impl Into<String>,
value: impl Into<String>,
) -> Self
pub fn resource_attr( self, key: impl Into<String>, value: impl Into<String>, ) -> Self
Add an attribute belonging to the resource being accessed.
Examples found in repository?
examples/basic.rs (line 20)
8fn main() -> Result<(), Box<dyn std::error::Error>> {
9 let policy = Policy::builder("document-read")
10 .target(Target::action("document:read"))
11 .condition(Condition::equals("resource.owner_id", "actor.id"))
12 .effect(Effect::Permit)
13 .build()?;
14
15 let engine = PolicyEngine::from_policies([policy]);
16
17 let request = Request::new()
18 .action("document:read")
19 .actor_attr("id", "user-123")
20 .resource_attr("owner_id", "user-123");
21
22 let decision = engine.evaluate(&request)?;
23 println!("decision: {:?}", decision);
24 assert_eq!(decision, Decision::Permit);
25
26 Ok(())
27}Sourcepub fn environment_attr(
self,
key: impl Into<String>,
value: impl Into<String>,
) -> Self
pub fn environment_attr( self, key: impl Into<String>, value: impl Into<String>, ) -> Self
Add an attribute describing the surrounding environment (time, IP, etc.).
Sourcepub fn action_name(&self) -> &str
pub fn action_name(&self) -> &str
Return the configured action, if any.
Trait Implementations§
Auto Trait Implementations§
impl Freeze for Request
impl RefUnwindSafe for Request
impl Send for Request
impl Sync for Request
impl Unpin for Request
impl UnwindSafe for Request
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more