[−][src]Crate allow_me
An authorization library with json-based policy definition.
Define your authorization rules in a simple Identity (I), Operation (O),
Resource (R) model. Evaluate requests against your policy rules.
Supports the following customizations:
- variable rules and custom variables,
- custom resource matching,
- custom validation,
- default decision if no rules match.
Examples
use allow_me::{Decision, PolicyBuilder, Request}; let json = r#"{ "statements": [ { "effect": "allow", "identities": [ "actor_a" ], "operations": [ "write" ], "resources": [ "resource_1" ] } ] }"#; // Construct the policy. let policy = PolicyBuilder::from_json(json).build().unwrap(); // Prepare request (e.g. from user input). let request = Request::new("actor_a", "write", "resource_1").unwrap(); // Evaluate the request. match policy.evaluate(&request).unwrap() { Decision::Allowed => println!("Allowed"), Decision::Denied => { panic!("Denied!") } };
See more in Examples folder.
Re-exports
pub use crate::matcher::ResourceMatcher; |
Modules
| matcher |
Structs
| DefaultSubstituter | Default implementation of |
| DefaultValidator | Provides basic validation that policy definition elements are not empty. |
| Policy | Policy engine. Represents a read-only set of rules and can
evaluate |
| PolicyBuilder | A policy builder, responsible for parsing policy definition
and constructing |
| PolicyDefinition | Represents a deserialized policy definition. |
| Request | Represents a request that needs to be evaluated by |
| Statement | Represents a statement in a policy definition. |
| VariableIter | A simple iterator that returns all occurrences
of variable substrings like |
Enums
| Decision | Represents a decision on the |
| Effect | Represents an effect on a statement. |
| Error |
Traits
| PolicyValidator | Trait to extend |
| Substituter | Trait to extend |
Type Definitions
| Result | A specialized |