Attribute-Based Access Control (ABAC) system for Cloudillo
Implements classic ABAC with a 4-object model:
- Subject: Authenticated user (AuthCtx)
- Action: Operation being performed (string like “file:read”)
- Object: Resource being accessed (implements AttrSet trait)
- Environment: Context (time, etc.)
Structs
- CollectionPolicy - Collection-level policy configuration
- Condition - Policy rule condition
- Environment - Environment attributes (environmental context)
- PermissionChecker - Main permission checker
- Policy - ABAC Policy (collection of rules)
- PolicyRule - Policy rule
- ProfilePolicy - Profile-level policy configuration (TOP + BOTTOM)
Enums
- Effect
- Operator
- SubjectAccessLevel - Subject’s access level to a resource based on their relationship with the owner
- VisibilityLevel - Visibility levels for resources (files, actions, profile fields)
Traits
- AttrSet - Attribute set trait - all objects implement this
Functions
- can_view_item - Check if subject can view an item based on visibility and relationship