allow-me 0.1.1

An authorization library with json-based policy definition.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

use thiserror::Error;

use crate::{PolicyDefinition, Statement};

/// Trait to extend [`PolicyBuilder`](`crate::PolicyBuilder`) validation for policy definition.
pub trait PolicyValidator {
    /// The type of the validation error.
    type Error;

    /// This method is being called by [`PolicyBuilder`](`crate::PolicyBuilder`) for policy definition
    /// while [`Policy`](`crate::Policy`) is being constructed.
    ///
    /// If a policy definitions fails the validation, the error is returned.
    fn validate(&self, definition: &PolicyDefinition) -> Result<(), Self::Error>;
}

/// Provides basic validation that policy definition elements are not empty.
#[derive(Debug)]
pub struct DefaultValidator;

impl PolicyValidator for DefaultValidator {
    type Error = ValidatorError;

    fn validate(&self, definition: &PolicyDefinition) -> Result<(), Self::Error> {
        let errors = definition
            .statements()
            .iter()
            .flat_map(|statement| visit_statement(statement))
            .collect::<Vec<_>>();

        if !errors.is_empty() {
            return Err(ValidatorError::ValidationSummary(errors));
        }
        Ok(())
    }
}

fn visit_statement(statement: &Statement) -> Vec<String> {
    let mut result = vec![];
    if statement.identities().is_empty() {
        result.push("Identities list must not be empty".into());
    }
    if statement.operations().is_empty() {
        result.push("Operations list must not be empty".into());
    }
    result
}

#[derive(Debug, Error)]
pub enum ValidatorError {
    #[error("An error occurred validating policy definition: {0:?}.")]
    ValidationSummary(Vec<String>),
}