pub struct Authorizer<'t> { /* private fields */ }

used to check authorization policies on a token

can be created from Biscuit::authorizer or Authorizer::new

Implementations

creates a new empty authorizer

this can be used to check policies when:

  • there is no token (unauthenticated case)
  • there is a lot of data to load in the authorizer on each check

In the latter case, we can create an empty authorizer, load it with the facts, rules and checks, and each time a token must be checked, clone the authorizer and load the token with Authorizer::add_token.

creates an Authorizer from a serialized crate::format::schema::AuthorizerPolicies

add a token to an empty authorizer

serializes an authorizer’s content

you can use this to save a set of policies and load them quickly before verification, or to store a verification context to debug it later

Add the rules, facts, checks, and policies of another Authorizer. If a token has already been added to other, it is not merged into self.

Add the rules, facts, and checks of another BlockBuilder.

adds some datalog code to the authorizer

extern crate biscuit_auth as biscuit;

use biscuit::Authorizer;

let mut authorizer = Authorizer::new();

authorizer.add_code(r#"
  resource("/file1.txt");

  check if user(1234);

  // default allow
  allow if true;
"#).expect("should parse correctly");

run a query over the authorizer’s Datalog engine to gather data

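use biscuit_auth::{Biscuit, KeyPair};

// build a token whose authority block carries one user fact
let keypair = KeyPair::new();
let mut builder = Biscuit::builder();
builder.add_fact("user(\"John Doe\", 42)");

let biscuit = builder.build(&keypair).unwrap();

// create an authorizer for the token, then extract the matching facts as typed tuples
let mut authorizer = biscuit.authorizer().unwrap();
let res: Vec<(String, i64)> = authorizer.query("data($name, $id) <- user($name, $id)").unwrap();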

run a query over the authorizer’s Datalog engine to gather data

this only sees facts from the authorizer and the authority block

this method can specify custom runtime limits

run a query over the authorizer’s Datalog engine to gather data

this has access to the facts generated when evaluating all the blocks

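use biscuit_auth::{Biscuit, KeyPair};

// build a token whose authority block carries one user fact
let keypair = KeyPair::new();
let mut builder = Biscuit::builder();
builder.add_fact("user(\"John Doe\", 42)");

let biscuit = builder.build(&keypair).unwrap();

// create an authorizer for the token, then extract the matching facts as typed tuples
let mut authorizer = biscuit.authorizer().unwrap();
let res: Vec<(String, i64)> = authorizer.query("data($name, $id) <- user($name, $id)").unwrap();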

run a query over the authorizer’s Datalog engine to gather data

this has access to the facts generated when evaluating all the blocks

this method can specify custom runtime limits

adds a fact with the current time

add a policy to the authorizer

todo remove, it’s covered in BuilderExt

adds an allow if true policy

adds a deny if true policy

verifies the checks and policies

on error, this can return a list of all the failed checks or deny policy

on success, it returns the index of the policy that matched
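The decision procedure described above, together with the clone-per-request pattern from the description of the empty authorizer, as an added example that is not biscuit_auth code: a simplified, std-only Rust model in which facts are plain strings instead of Datalog. `Model`, `Kind`, `Failure`, `base`, `check_request` and the `revoked(1234)` fact are hypothetical names, and failing when no policy matches is an assumption of the model.

```rust
use std::collections::HashSet;

// Simplified model (not biscuit_auth code): a condition holds if it is "true" or a present fact.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Kind { Allow, Deny }
#[derive(Debug, PartialEq)]
enum Failure { FailedChecks(Vec<usize>), Denied(usize), NoMatchingPolicy }
#[derive(Clone)]
struct Model {
    facts: HashSet<&'static str>,
    checks: Vec<&'static str>,           // each names a required fact
    policies: Vec<(Kind, &'static str)>, // tried in order
}

impl Model {
    fn holds(&self, cond: &str) -> bool { cond == "true" || self.facts.contains(cond) }
    fn authorize(&self) -> Result<usize, Failure> {
        // Every check is evaluated, so the error lists all failures.
        let failed: Vec<usize> =
            (0..self.checks.len()).filter(|&i| !self.holds(self.checks[i])).collect();
        if !failed.is_empty() { return Err(Failure::FailedChecks(failed)); }
        // Policies are tried in order; the first match decides.
        let hit = self.policies.iter().position(|(_, c)| self.holds(c));
        match hit.map(|i| (i, self.policies[i].0)) {
            Some((i, Kind::Allow)) => Ok(i),
            Some((i, Kind::Deny)) => Err(Failure::Denied(i)),
            None => Err(Failure::NoMatchingPolicy), // model assumption: fail closed
        }
    }
}

// Preloaded once: the check from the add_code example, a constructed deny rule, default allow.
fn base() -> Model {
    let facts = HashSet::from(["resource(\"/file1.txt\")"]);
    let policies = vec![(Kind::Deny, "revoked(1234)"), (Kind::Allow, "true")];
    Model { facts, checks: vec!["user(1234)"], policies }
}

// Clone the preloaded base per request, then add that token's facts.
fn check_request(base: &Model, token: &[&'static str]) -> Result<usize, Failure> {
    let mut a = base.clone();
    a.facts.extend(token.iter().copied());
    a.authorize()
}

fn main() {
    println!("{:?}", check_request(&base(), &["user(1234)"])); // constructed token facts
    println!("{:?}", check_request(&base(), &[])); // token without the user fact
}
```

The second request fails on the check even though the default allow policy would match: a catch-all allow does not bypass checks.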

verifies the checks and policies

on error, this can return a list of all the failed checks or deny policy

this method can specify custom runtime limits

todo consume the input to prevent further direct use

prints the content of the authorizer

returns all of the data loaded in the authorizer

Trait Implementations

Returns a copy of the value.
Performs copy-assignment from source.
