
authz_core/
model_ast.rs

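//! Abstract Syntax Tree (AST) for the authorization model DSL.
//!
//! The types defined below are plain data declarations: they record what a
//! model declares and carry no validation or evaluation logic of their own.
//! References to other definitions (relations, types, conditions) are stored
//! as `String` names, so resolving and checking them is left to whatever code
//! builds or consumes this AST.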
/// Root node of a parsed authorization model: the type definitions and the
/// condition definitions it declares.
///
/// Only `serde::Serialize` is derived here (no `Deserialize`), so values of this
/// type are presumably produced by the DSL parser rather than read back from a
/// serialized form — confirm against the parser module.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub struct ModelFile {
    /// Object types declared by the model.
    pub type_defs: Vec<TypeDef>,
    /// Named conditions declared by the model. `AssignableTarget::Conditional`
    /// carries a condition name as a plain `String`; presumably it is looked up
    /// in this list — verify where that lookup happens.
    pub condition_defs: Vec<ConditionDef>,
}
/// One object type of the model together with its relations and permissions.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub struct TypeDef {
    /// Name of the type, stored as written; nothing in this struct enforces
    /// uniqueness across `ModelFile::type_defs`.
    pub name: String,
    /// Relations defined on this type.
    pub relations: Vec<RelationDef>,
    /// Permissions defined on this type. They share `RelationDef` with relations,
    /// so the type system does not distinguish the two; any rule that differs
    /// between them has to be enforced by the code that builds or validates
    /// the AST.
    pub permissions: Vec<RelationDef>, // Use RelationDef for both relations and permissions
}
/// A named relation or permission and the expression that defines it.
///
/// `TypeDef` uses this struct for both its `relations` and `permissions` lists.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub struct RelationDef {
    /// Name of the relation or permission. Other nodes refer to relations by
    /// `String` (e.g. `RelationExpr::ComputedUserset`), presumably matching this
    /// field — confirm against the resolver.
    pub name: String,
    /// Expression tree describing how this relation or permission is derived.
    pub expression: RelationExpr,
}
/// Expression tree describing how a relation or permission is derived.
///
/// The tree is recursive (`Vec<RelationExpr>` / `Box<RelationExpr>`) and the type
/// places no limit on its depth; the derived `Debug`, `Clone`, `PartialEq` and
/// `Serialize` impls recurse along it.
/// NOTE(review): if models can come from untrusted authors, nesting depth should
/// be bounded where the tree is built — confirm the parser does this.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub enum RelationExpr {
    /// Several sub-expressions combined; presumably satisfied when any operand
    /// is (set union) — confirm against the evaluator.
    /// NOTE(review): the type allows an empty `Vec`; the evaluator or validator
    /// should define that case explicitly, and denying is the safe choice.
    Union(Vec<RelationExpr>),
    /// Several sub-expressions combined; presumably satisfied only when every
    /// operand is (set intersection) — confirm against the evaluator.
    /// NOTE(review): the type allows an empty `Vec`, and an "all operands hold"
    /// check over an empty list is vacuously true; make sure an empty
    /// intersection is rejected or denied rather than granted.
    Intersection(Vec<RelationExpr>),
    /// `base` with `subtract` taken out (presumably "in `base` but not in
    /// `subtract`"). Both fields have the same type, so swapping them still
    /// compiles and silently changes what the rule grants.
    Exclusion {
        /// Expression the exclusion starts from.
        base: Box<RelationExpr>,
        /// Expression whose matches are removed from `base`.
        subtract: Box<RelationExpr>,
    },
    /// A reference by name, held as an unchecked `String`; presumably the name
    /// of another relation on the same type — TODO confirm.
    ComputedUserset(String),
    /// Two names held as unchecked `String`s. Presumably: follow the `tupleset`
    /// relation to related objects and evaluate `computed_userset` on them —
    /// TODO confirm against the evaluator.
    TupleToUserset {
        /// Name evaluated on the objects reached through `tupleset` (presumed).
        computed_userset: String,
        /// Name of the relation that is followed first (presumed).
        tupleset: String,
    },
    /// The kinds of subject that may be assigned to the relation directly, one
    /// `AssignableTarget` per allowed kind.
    DirectAssignment(Vec<AssignableTarget>),
}
/// One kind of subject that a `RelationExpr::DirectAssignment` accepts.
///
/// All names are plain `String`s; this enum does not check that a referenced
/// type, relation or condition exists in the model.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub enum AssignableTarget {
    /// A type name; presumably an individual subject of that type — TODO confirm.
    Type(String),
    /// A type name plus a relation name; presumably the set of subjects holding
    /// `relation` on an object of `type_name` — TODO confirm.
    Userset {
        /// Name of the object type the userset is taken from.
        type_name: String,
        /// Name of the relation on that type.
        relation: String,
    },
    /// A type name; presumably "every subject of this type" (e.g. public
    /// access) — TODO confirm.
    /// NOTE(review): if that reading is right, this is the broadest target in
    /// the enum, so relations that allow it are worth flagging in model review.
    Wildcard(String),
    /// Another target paired with the name of a condition. Because `target` is
    /// itself an `AssignableTarget`, the type permits a `Conditional` nested
    /// inside a `Conditional`.
    /// NOTE(review): `condition` is only a name; an unknown name should be
    /// rejected during validation, or treated as "condition not met" at
    /// evaluation, rather than ignored — confirm which the consumer does.
    Conditional {
        /// The target the condition applies to.
        target: Box<AssignableTarget>,
        /// Name of the condition, presumably matching a `ConditionDef::name`.
        condition: String,
    },
}
/// A named condition: its parameter list and its expression text.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub struct ConditionDef {
    /// Name of the condition; `AssignableTarget::Conditional` refers to
    /// conditions by `String`, presumably this one.
    pub name: String,
    /// Declared parameters of the condition.
    pub params: Vec<ConditionParam>,
    /// The condition body, kept as an unparsed `String`. This file does not show
    /// which expression language it is written in or how it is evaluated.
    /// NOTE(review): whatever evaluates this text should treat it as code from
    /// the model author, parsing it with a restricted grammar and bounding
    /// evaluation cost — confirm against the evaluator.
    pub expression: String,
}
/// One declared parameter of a `ConditionDef`.
#[derive(Debug, PartialEq, Clone, serde::Serialize)]
pub struct ConditionParam {
    /// Parameter name.
    pub name: String,
    /// Parameter type, stored as the type's name in a `String`; this struct does
    /// not restrict it to a known set, so checking it is left to the consumer.
    pub param_type: String,
}