authorized 0.1.1

Authorized struct's fields
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138


//! Authorized is a library helping you authorize behaviour on struct by defining allowed or denied
//! scopes.
//!
//! You can use this to only expose field's value to authorized scopes

#![warn(
    clippy::all,
    // clippy::restriction,
    clippy::pedantic,
    clippy::nursery,
    // clippy::cargo
)]
#![recursion_limit = "256"]


pub mod scope;

mod error;
mod result;
#[cfg(feature = "with_serde")]
mod serde;

pub mod prelude;

use scope::IntoScope;
use scope::Scope;

use error::*;
use result::*;

pub type UnAuthorizedFields<'a> = Vec<&'a str>;

pub trait Authorizable {
    type Authorized;

    fn filter_unauthorized_fields<'a>(&'a self, scope: &Scope) -> UnAuthorizedFields<'a>;
    fn authorize<'a>(
        &'a self,
        authorizer: &Scope,
    ) -> Result<AuthorizedResult<'a, Self::Authorized>, AuthorizedError>;
}


/// Authorizor exposed mthods to help you authorize structures which implement
/// [Authorizable](trait.Authorizable.html) trait.
pub struct Authorizor {}

impl Authorizor {
    /// Create an authorized version of the input structure validated by the scope implementing
    /// [`IntoScope`](scope/trait.IntoScope.html).
    ///
    /// It returns an [`AuthorizedResult`](struct.AuthorizedResult.html) which allow you to know
    /// which fields have been secured and if the whole structure is authorized or not.
    pub fn authorize<'a, A: Authorizable, T: IntoScope>(
        inner: &'a A,
        scope: &T,
    ) -> Result<AuthorizedResult<'a, A::Authorized>, AuthorizedError> {
        let scope: Scope = scope.into_scope()?;

        inner.authorize(&scope)
    }
}

pub trait Authorized {
    #[cfg(feature = "with_serde")]
    type Source: Authorizable + ::serde::ser::Serialize;
    #[cfg(not(feature = "with_serde"))]
    type Source: Authorizable;

    fn build_serialize_struct<E>(&self, unauthorized_fields: &[&str]) -> Result<Self::Source, E>;
}

// #[cfg(test)]
// mod tests {
//     use super::*;

//     #[test]
//     fn it_works() {
//         let based_user = MyUser {
//             name: "name".into(),
//             pass: "pass".into(),
//             email: "email".into(),
//         };

//         let user: AuthorizedResult<AuthorizedUser> = based_user
//             .authorize(&"user read:user".parse::<Scope>().unwrap())
//             .unwrap();

//         assert_eq!(user.status, AuthorizationStatus::Authorized);
//         assert_eq!(user.inner.name, Some("name".to_owned()));
//         assert_eq!(user.inner.pass, Some("pass".to_owned()));

//         let json = serde_json::to_string(&user).unwrap();
//         assert_eq!(
//             json,
//             serde_json::to_string(&json!({"name": "name"})).unwrap()
//         );

//         let user: AuthorizedResult<AuthorizedUser> = based_user
//             .authorize(&"guest".parse::<Scope>().unwrap())
//             .unwrap();

//         assert_eq!(user.status, AuthorizationStatus::UnAuthorized);

//         assert_eq!(user.inner.name, None);
//         assert_eq!(user.inner.pass, None);

//         let json = serde_json::to_string(&user).unwrap();
//         assert_eq!(json, serde_json::to_string(&json!({})).unwrap());

//         let user: AuthorizedResult<AuthorizedUser> = based_user
//             .authorize(&"read:user admin".parse::<Scope>().unwrap())
//             .unwrap();

//         assert_eq!(user.status, AuthorizationStatus::Authorized);
//         assert_eq!(user.inner.name, Some("name".to_owned()));
//         assert_eq!(user.inner.pass, Some("pass".to_owned()));

//         let json = serde_json::to_string(&user).unwrap();
//         assert_eq!(
//             json,
//             serde_json::to_string(&json!({"name": "name", "pass": "pass"})).unwrap()
//         );

//         let user = Authorizor::authorize(&based_user, "read:user admin").unwrap();

//         assert_eq!(user.status, AuthorizationStatus::Authorized);
//         assert_eq!(user.inner.name, Some("name".to_owned()));
//         assert_eq!(user.inner.pass, Some("pass".to_owned()));

//         let json = serde_json::to_string(&user).unwrap();
//         assert_eq!(
//             json,
//             serde_json::to_string(&json!({"name": "name", "pass": "pass"})).unwrap()
//         );
//     }
// }