SpiceDbObject

beep_authz::object

Enum SpiceDbObject 

Source 
pub enum SpiceDbObject {
    Server(String),
    Channel(String),
    User(String),
    PermissionOverride(String),
}
Expand description

Represents different types of objects in the SpiceDB authorization system.

SpiceDbObject is used to identify resources and subjects when performing permission checks. Each variant represents a different type of entity in your application’s domain model.

§Object Types

  • Server - A server/workspace that contains channels, users, and roles
  • Channel - A communication channel within a server
  • User - A user/subject that can have permissions
  • PermissionOverride - A permission override rule

§Examples

use authz::{SpiceDbObject, SpiceDbRepository, Permissions};

// Check if a user can view a channel
let result = repo.check_permissions(
    SpiceDbObject::Channel("general-chat".to_string()),
    Permissions::ViewChannels,
    SpiceDbObject::User("user-123".to_string()),
).await;

// Check if a user is a server admin
let is_admin = repo.check_permissions(
    SpiceDbObject::Server("my-server".to_string()),
    Permissions::Administrator,
    SpiceDbObject::User("user-456".to_string()),
).await.has_permissions();

§SpiceDB Integration

Each SpiceDbObject is converted into a SpiceDB ObjectReference when communicating with the SpiceDB API. The object type determines the namespace used in SpiceDB’s schema.

Variants§

§

Server(String)

A server object identified by its unique ID.

Servers are top-level containers that can have channels, users, roles, and other resources. They correspond to the “server” object type in SpiceDB.

§Example

use authz::SpiceDbObject;

let server = SpiceDbObject::Server("server-abc-123".to_string());
§

Channel(String)

A channel object identified by its unique ID.

Channels are communication spaces within a server where users can view and send messages. They correspond to the “channel” object type in SpiceDB.

§Example

use authz::SpiceDbObject;

let channel = SpiceDbObject::Channel("channel-xyz-789".to_string());
§

User(String)

A user object identified by its unique ID.

Users are subjects that can have permissions on resources. They correspond to the “user” object type in SpiceDB.

§Example

use authz::SpiceDbObject;

let user = SpiceDbObject::User("user-def-456".to_string());
§

PermissionOverride(String)

A permission override object identified by its unique ID.

Permission overrides allow fine-grained control over access rules. They correspond to the “permission_override” object type in SpiceDB.

§Example

use authz::SpiceDbObject;

let override_rule = SpiceDbObject::PermissionOverride("override-001".to_string());

Trait Implementations§

Source§

impl Into<ObjectReference> for SpiceDbObject

Converts a SpiceDbObject into a SpiceDB ObjectReference.

This implementation allows SpiceDbObject to be used directly in permission check operations. The conversion maps the object to SpiceDB’s wire format.

Source§

fn into(self) -> ObjectReference

Converts this type into the (usually inferred) input type.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more