bc-xid 0.4.0

Unique, stable, extensible, and verifiable identifiers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

use std::collections::HashSet;

use anyhow::Result;
use bc_envelope::prelude::*;
use known_values::{ALLOW, DENY};

use super::Privilege;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Permissions {
    allow: HashSet<Privilege>,
    deny: HashSet<Privilege>,
}

pub trait HasPermissions {
    fn permissions(&self) -> &Permissions;
    fn permissions_mut(&mut self) -> &mut Permissions;

    fn allow(&self) -> &HashSet<Privilege> {
        &self.permissions().allow
    }

    fn deny(&self) -> &HashSet<Privilege> {
        &self.permissions().deny
    }

    fn allow_mut(&mut self) -> &mut HashSet<Privilege> {
        &mut self.permissions_mut().allow
    }

    fn deny_mut(&mut self) -> &mut HashSet<Privilege> {
        &mut self.permissions_mut().deny
    }

    fn add_allow(&mut self, privilege: Privilege) {
        self.allow_mut().insert(privilege);
    }

    fn add_deny(&mut self, privilege: Privilege) {
        self.deny_mut().insert(privilege);
    }

    fn remove_allow(&mut self, privilege: &Privilege) {
        self.allow_mut().remove(privilege);
    }

    fn remove_deny(&mut self, privilege: &Privilege) {
        self.deny_mut().remove(privilege);
    }

    fn clear_all_permissions(&mut self) {
        self.permissions_mut().allow.clear();
        self.permissions_mut().deny.clear();
    }
}

impl Permissions {
    pub fn new() -> Self {
        Self {
            allow: HashSet::new(),
            deny: HashSet::new(),
        }
    }

    pub fn new_allow_all() -> Self {
        let mut allow = HashSet::new();
        allow.insert(Privilege::All);
        Self {
            allow,
            deny: HashSet::new(),
        }
    }

    pub fn add_to_envelope(&self, envelope: Envelope) -> Envelope {
        let mut envelope = envelope;
        envelope = self.allow.iter().fold(envelope, |envelope, privilege| envelope.add_assertion(ALLOW, privilege));
        envelope = self.deny.iter().fold(envelope, |envelope, privilege| envelope.add_assertion(DENY, privilege));
        envelope
    }

    pub fn try_from_envelope(envelope: &Envelope) -> Result<Self> {
        let allow = envelope.objects_for_predicate(ALLOW).iter().cloned().map(Privilege::try_from).collect::<Result<HashSet<_>>>()?;
        let deny = envelope.objects_for_predicate(DENY).iter().cloned().map(Privilege::try_from).collect::<Result<HashSet<_>>>()?;
        Ok(Self { allow, deny })
    }
}

impl HasPermissions for Permissions {
    fn permissions(&self) -> &Permissions {
        self
    }

    fn permissions_mut(&mut self) -> &mut Permissions {
        self
    }
}

impl Default for Permissions {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use indoc::indoc;

    #[test]
    fn permissions() {
        let mut permissions = Permissions::new();
        assert!(permissions.allow().is_empty());
        assert!(permissions.deny().is_empty());

        permissions.allow_mut().insert(Privilege::All);
        permissions.deny_mut().insert(Privilege::Verify);

        let envelope = permissions.add_to_envelope(Envelope::new("Subject"));
        let permissions2 = Permissions::try_from_envelope(&envelope).unwrap();
        assert_eq!(permissions, permissions2);

        assert_eq!(envelope.format(),
        indoc! {r#"
        "Subject" [
            'allow': 'All'
            'deny': 'Verify'
        ]
        "#}.trim());
    }
}