coil-auth 0.1.0

Authorisation models and auth package support for the Coil framework.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

use super::*;

mod conversion;
mod index;
mod matching;
mod rules;
mod traversal;

use traversal::build_relation_trace;

pub(crate) fn build_capability_explanation<P>(
    package: &P,
    tuples: &[Tuple],
    subject: &DefaultSubject,
    capability: Capability,
    object: &Entity,
    options: ExplainOptions,
) -> Result<CapabilityExplanation, CoilAuthError>
where
    P: AuthModelPackage + ?Sized,
{
    let binding = package.resolve_binding(capability, object)?.clone();
    let trace = build_relation_trace(
        package.schema(),
        tuples,
        subject,
        binding.relation,
        object,
        options,
    )?;
    let decision = match &trace {
        ExplainTrace::Allowed(_) => ExplainDecision::Allow,
        ExplainTrace::Denied(_) => ExplainDecision::Deny,
    };

    Ok(CapabilityExplanation {
        manifest: package.manifest().clone(),
        subject: subject.clone(),
        capability,
        object: object.clone(),
        binding,
        decision,
        options: options.normalized(),
        trace,
    })
}