Struct PolicyAuthorizer 

pub struct PolicyAuthorizer<'a> { /* private fields */ }

Evaluates authorization rules (SRP - extracted from Policy)

This struct is responsible only for evaluating whether a given peer/action/resource combination is allowed by a set of rules.

It does NOT handle:

• Policy construction
• Policy validation
• Policy serialization
• Rule management

Example

use core_policy::{PolicyRule, Action, Resource};
use core_policy::authorizer::PolicyAuthorizer;

let rules = vec![
    PolicyRule::new("alice".to_string(), Action::Read, Resource::All),
];

let authorizer = PolicyAuthorizer::new(&rules);
assert!(authorizer.is_allowed("alice", &Action::Read, &Resource::File("/docs/file.txt".into())));
assert!(!authorizer.is_allowed("bob", &Action::Read, &Resource::File("/docs/file.txt".into())));

Implementations

impl<'a> PolicyAuthorizer<'a>

pub const fn new(rules: &'a [PolicyRule]) -> Self

Create a new authorizer with the given rules

pub fn is_allowed( &self, peer_id: &str, action: &Action, resource: &Resource, ) -> bool

Check if a peer is allowed to perform an action on a resource (RBAC)

This performs basic Role-Based Access Control checking without time or context validation.

Arguments

• peer_id - The peer attempting the action
• action - The action to perform
• resource - The resource to access

Returns

true if at least one rule allows the access, false otherwise

pub fn is_allowed_with_context( &self, peer_id: &str, action: &Action, resource: &Resource, current_time: u64, context: &BTreeMap<String, String>, ) -> bool

Check if a peer is allowed with full ABAC validation

This performs Attribute-Based Access Control checking including:

• Basic RBAC (peer/action/resource)
• Time-based validation (expiration)
• Context attributes validation

Arguments

• peer_id - The peer attempting the action
• action - The action to perform
• resource - The resource to access
• current_time - Current Unix timestamp for expiration checks
• context - Context attributes for ABAC

Returns

true if at least one rule allows the access with valid time and context, false otherwise

pub fn matching_rules( &'a self, peer_id: &'a str, action: &'a Action, resource: &'a Resource, ) -> impl Iterator<Item = &'a PolicyRule> + 'a

Get all rules that allow a specific peer/action/resource combination

Useful for auditing and debugging authorization decisions.

Returns

An iterator over all matching rules

pub fn rule_count(&self) -> usize

Get the number of rules being evaluated

Trait Implementations

impl<'a> Authorizer for PolicyAuthorizer<'a>

fn is_allowed( &self, peer_id: &str, action: &Action, resource: &Resource, ) -> bool

Check if access is allowed

impl<'a> Debug for PolicyAuthorizer<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.