pub struct Policy { /* private fields */ }
Structure for a `Policy`. Includes both static policies and template-linked policies.
Implementations§
impl Policy
pub fn template_id(&self) -> Option<&PolicyId>
Get the `PolicyId` of the `Template` this is linked to.
If this is a static policy, this will return `None`.
pub fn template_links(&self) -> Option<HashMap<SlotId, EntityUid>>
Get the values this `Template` is linked to, expressed as a map from `SlotId` to `EntityUid`.
If this is a static policy, this will return `None`.
pub fn annotation(&self, key: impl AsRef<str>) -> Option<&str>
Get an annotation value of this template-linked or static policy.
If the annotation is present without an explicit value (e.g., `@annotation`), then this function returns `Some("")`. It returns `None` only when the annotation is not present.
pub fn annotations(&self) -> impl Iterator<Item = (&str, &str)>
Iterate through annotation data of this template-linked or static policy.
Annotations which do not have an explicit value (e.g., `@annotation`) are included in the iterator with the value `""`.
pub fn principal_constraint(&self) -> PrincipalConstraint
Get the scope constraint on this policy’s principal
pub fn action_constraint(&self) -> ActionConstraint
Get the scope constraint on this policy’s action
pub fn resource_constraint(&self) -> ResourceConstraint
Get the scope constraint on this policy’s resource
pub fn parse( id: Option<PolicyId>, policy_src: impl AsRef<str>, ) -> Result<Self, ParseErrors>
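Parse a single policy.
If `id` is `Some`, the policy will be given that Policy Id.
If `id` is `None`, then “policy0” will be used.
The behavior around `None` may change in the future.
This can fail if the policy fails to parse. It can also fail if a template was passed in, as this function only accepts static policies.
Because every call with `None` assigns the same default id, pass an explicit id when several parsed policies will be kept together; otherwise their ids can conflict.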
pub fn from_json( id: Option<PolicyId>, json: Value, ) -> Result<Self, PolicyFromJsonError>
Create a `Policy` from its JSON representation.
If `id` is `Some`, the policy will be given that Policy Id.
If `id` is `None`, then “JSON policy” will be used.
The behavior around `None` may change in the future.
// Build one policy from its JSON form and the same policy from Cedar text,
// then check that both serialize to identical JSON.
let policy_json = serde_json::json!({
    "effect": "permit",
    "principal": {
        "op": "==",
        "entity": { "type": "User", "id": "bob" }
    },
    "action": {
        "op": "==",
        "entity": { "type": "Action", "id": "view" }
    },
    "resource": {
        "op": "==",
        "entity": { "type": "Album", "id": "trip" }
    },
    "conditions": [
        {
            "kind": "when",
            "body": {
                ">": {
                    "left": {
                        ".": {
                            "left": { "Var": "principal" },
                            "attr": "age"
                        }
                    },
                    "right": { "Value": 18 }
                }
            }
        }
    ]
});

// `None` means no explicit id is supplied, so `from_json` assigns its default
// id ("JSON policy"). `unwrap` is acceptable only because the input is a fixed
// literal; policy JSON that arrives from outside the program should have the
// `PolicyFromJsonError` handled rather than unwrapped.
let from_json = Policy::from_json(None, policy_json).unwrap();

// The same authorization rule written in Cedar text. The raw string is kept
// exactly as given, including its leading newline.
let cedar_text = r#"
permit(
principal == User::"bob",
action == Action::"view",
resource == Album::"trip"
)
when { principal.age > 18 };"#;

// `parse` with `None` assigns the default id "policy0".
let from_text = Policy::parse(None, cedar_text).unwrap();

// The two policies carry different default ids, yet the assertion holds, so
// the comparison is over policy content. Presumably the id is not part of
// the JSON representation (confirm against the crate before relying on it).
let json_side = from_json.to_json().unwrap();
let text_side = from_text.to_json().unwrap();
assert_eq!(json_side, text_side);
pub fn get_valid_request_envs( &self, s: &Schema, ) -> impl Iterator<Item = RequestEnv>
Get valid `RequestEnv`s.
A `RequestEnv` is valid when the policy type checks w.r.t. requests that satisfy it.
pub fn entity_literals(&self) -> Vec<EntityUid>
Get all entity literals occurring in a `Policy`.
pub fn sub_entity_literals( &self, mapping: BTreeMap<EntityUid, EntityUid>, ) -> Result<Self, PolicyFromJsonError>
Return a new policy where all occurrences of key `EntityUid`s are replaced by value `EntityUid` (as a single, non-sequential substitution).
pub fn to_json(&self) -> Result<Value, PolicyToJsonError>
Get the JSON representation of this `Policy`.
// Round trip: Cedar text -> Policy -> JSON -> Policy -> JSON, checking that
// the JSON form is unchanged by the second conversion.
let cedar_text = r#"
permit(
principal == User::"bob",
action == Action::"view",
resource == Album::"trip"
)
when { principal.age > 18 };"#;

// `None` assigns the default id "policy0". `unwrap` is fine for this fixed
// literal; policy text supplied from outside the program should have its
// `ParseErrors` handled instead.
let parsed = Policy::parse(None, cedar_text).unwrap();
println!("{}", parsed);

// Convert the policy to its JSON representation.
let as_json = parsed.to_json().unwrap();
println!("{}", as_json);

// Rebuild a policy from that JSON (it gets the default id "JSON policy") and
// serialize it again; the result must equal the first JSON value.
let round_tripped = Policy::from_json(None, as_json.clone())
    .unwrap()
    .to_json()
    .unwrap();
assert_eq!(as_json, round_tripped);
Available on crate feature `partial-eval` only.
pub fn unknown_entities(&self) -> HashSet<EntityUid>
`partial-eval` only. Get all the unknown entities from the policy.
Trait Implementations§
impl FromStr for Policy
fn from_str(policy: &str) -> Result<Self, Self::Err>
Create a policy.
Important note: Policies have ids, but this interface does not allow them to be set. It will use the default “policy0”, which may cause id conflicts if not handled. Use `Policy::parse` to set the id when parsing, or `Policy::new_id` to clone a policy with a new id.
type Err = ParseErrors
impl Eq for Policy
Auto Trait Implementations§
impl Freeze for Policy
impl RefUnwindSafe for Policy
impl Send for Policy
impl Sync for Policy
impl Unpin for Policy
impl UnwindSafe for Policy
Blanket Implementations§
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T
where
    T: Clone,
unsafe fn clone_to_uninit(&self, dst: *mut T)
This is a nightly-only experimental API. (`clone_to_uninit`)
impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
fn equivalent(&self, key: &K) -> bool
Compare self to `key` and return `true` if they are equal.
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts `self` into a `Left` variant of `Either<Self, Self>` if `into_left` is `true`.
Converts `self` into a `Right` variant of `Either<Self, Self>` otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts `self` into a `Left` variant of `Either<Self, Self>` if `into_left(&self)` returns `true`.
Converts `self` into a `Right` variant of `Either<Self, Self>` otherwise.