1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
use crate::{DatabaseRecord, Error, Record};
/// The `AuthorizeAction` trait of the Aragog library.
/// This traits allows provides the ability to authorize a [`Record`] to execute a custom action on
/// an other one.
///
/// # Example
/// ```rust
/// # use aragog::{AuthorizeAction, DatabaseRecord, Record, Validate};
/// # use serde::{Deserialize, Serialize};
/// #
/// #[derive(Serialize, Deserialize, Clone, Record, Validate)]
/// pub struct Employee {
/// pub is_cook: bool,
/// pub is_accountant: bool,
/// }
///
/// #[derive(Serialize, Deserialize, Clone, Record, Validate)]
/// pub struct Company {
/// pub taxes_payed: bool,
/// pub is_cooking_done: bool,
/// }
///
/// pub enum EmployeeAction {
/// Cook,
/// PayTaxes
/// }
///
/// impl AuthorizeAction<Company> for Employee {
/// type Action = EmployeeAction;
///
/// fn is_action_authorized(&self, action: Self::Action, target: Option<&DatabaseRecord<Company>>) -> bool {
/// if target.is_none() { return false; }
/// let target = target.unwrap();
/// match action {
/// EmployeeAction::Cook => self.is_cook && !target.is_cooking_done,
/// EmployeeAction::PayTaxes => self.is_accountant && !target.taxes_payed,
/// }
/// }
/// }
/// ```
///
/// [`Record`]: crate::Record
pub trait AuthorizeAction<T: Record> {
/// The action type to be authorized, like a custom enum of ACL actions (write, read) or more
/// logic operations.
type Action;
/// If the object is authorized to do `action` on `target` then the method will return `Ok(())`,
///
/// # Errors
/// On failure an [`Error`]::[`Forbidden`] is returned.
///
/// [`Error`]: crate::Error
/// [`Forbidden`]: crate::Error::Forbidden
fn authorize_action(
&self,
action: Self::Action,
target: Option<&DatabaseRecord<T>>,
) -> Result<(), Error> {
if self.is_action_authorized(action, target) {
return Ok(());
}
Err(Error::Forbidden(None))
}
/// Returns true if the object is authorized to do `action` on `target`
fn is_action_authorized(
&self,
action: Self::Action,
target: Option<&DatabaseRecord<T>>,
) -> bool;
}