bc-xid 0.22.0

Unique, stable, extensible, and verifiable identifiers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

use std::collections::HashSet;

use bc_envelope::prelude::*;
use known_values::{ALLOW, DENY};

use super::Privilege;
use crate::Result;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Permissions {
    allow: HashSet<Privilege>,
    deny: HashSet<Privilege>,
}

pub trait HasPermissions {
    fn permissions(&self) -> &Permissions;
    fn permissions_mut(&mut self) -> &mut Permissions;

    fn allow(&self) -> &HashSet<Privilege> { &self.permissions().allow }

    fn deny(&self) -> &HashSet<Privilege> { &self.permissions().deny }

    fn allow_mut(&mut self) -> &mut HashSet<Privilege> {
        &mut self.permissions_mut().allow
    }

    fn deny_mut(&mut self) -> &mut HashSet<Privilege> {
        &mut self.permissions_mut().deny
    }

    fn add_allow(&mut self, privilege: Privilege) {
        self.allow_mut().insert(privilege);
    }

    fn add_deny(&mut self, privilege: Privilege) {
        self.deny_mut().insert(privilege);
    }

    fn remove_allow(&mut self, privilege: &Privilege) {
        self.allow_mut().remove(privilege);
    }

    fn remove_deny(&mut self, privilege: &Privilege) {
        self.deny_mut().remove(privilege);
    }

    fn clear_all_permissions(&mut self) {
        self.permissions_mut().allow.clear();
        self.permissions_mut().deny.clear();
    }
}

impl Permissions {
    pub fn new() -> Self {
        Self { allow: HashSet::new(), deny: HashSet::new() }
    }

    pub fn new_allow_all() -> Self {
        let mut allow = HashSet::new();
        allow.insert(Privilege::All);
        Self { allow, deny: HashSet::new() }
    }

    pub fn add_to_envelope(&self, envelope: Envelope) -> Envelope {
        let mut envelope = envelope;
        envelope = self.allow.iter().fold(envelope, |envelope, privilege| {
            envelope.add_assertion(ALLOW, privilege)
        });
        envelope = self.deny.iter().fold(envelope, |envelope, privilege| {
            envelope.add_assertion(DENY, privilege)
        });
        envelope
    }

    pub fn try_from_envelope(envelope: &Envelope) -> Result<Self> {
        let allow = envelope
            .objects_for_predicate(ALLOW)
            .iter()
            .cloned()
            .map(Privilege::try_from)
            .collect::<Result<HashSet<_>>>()?;
        let deny = envelope
            .objects_for_predicate(DENY)
            .iter()
            .cloned()
            .map(Privilege::try_from)
            .collect::<Result<HashSet<_>>>()?;
        Ok(Self { allow, deny })
    }
}

impl HasPermissions for Permissions {
    fn permissions(&self) -> &Permissions { self }

    fn permissions_mut(&mut self) -> &mut Permissions { self }
}

impl Default for Permissions {
    fn default() -> Self { Self::new() }
}