crudcrate 0.8.0

Derive complete REST APIs from Sea-ORM entities — endpoints, filtering, pagination, batch ops, and OpenAPI on Axum
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

/// Controls query filtering and field visibility for scoped (e.g., public) requests.
///
/// Inject via Axum `Extension` in middleware. When present:
/// - `get_all_handler` merges `condition` into the query filter
/// - `get_one_handler` verifies the fetched record passes the condition
/// - If scoped models exist (`exclude(scoped)` on fields), handlers return the scoped
///   model type which omits those fields from the response
///
/// Auth-system-agnostic — write middleware that converts your auth state into this.
///
/// # Example
///
/// ```rust,ignore
/// use crudcrate::ScopeCondition;
/// use sea_orm::Condition;
///
/// // Middleware: inject scope for unauthenticated users
/// if !is_admin(&req) {
///     req.extensions_mut().insert(ScopeCondition::new(
///         Condition::all().add(article::Column::IsPrivate.eq(false))
///     ));
/// }
/// ```
#[derive(Clone)]
pub struct ScopeCondition {
    pub condition: sea_orm::Condition,
}

/// Trait for types that can be filtered in scoped (public) contexts.
///
/// Types with `exclude(scoped)` boolean fields auto-implement this to return `false`
/// when the record should be hidden from scoped responses. The derive macro generates
/// the impl based on `exclude(scoped)` boolean fields.
///
/// Used by scoped `From` conversions to filter private children out of Vec and Option join fields.
pub trait ScopeFilterable {
    /// Returns `true` if this record should be visible in scoped (public) responses.
    fn is_scope_visible(&self) -> bool {
        true
    }

    /// Returns a Sea-ORM `Condition` that filters this entity's rows to only scope-visible ones.
    ///
    /// Auto-generated by the derive macro from `exclude(scoped)` boolean fields.
    /// For example, an entity with `#[crudcrate(exclude(scoped))] pub is_private: bool`
    /// generates: `Some(Condition::all().add(Column::IsPrivate.eq(false)))`.
    ///
    /// Returns `None` if the entity has no scope-relevant fields (all rows visible).
    ///
    /// Used by join loading to filter child entities at the SQL level during scoped requests,
    /// avoiding loading private children into memory.
    #[must_use]
    fn scope_condition() -> Option<sea_orm::Condition> {
        None
    }
}

impl ScopeCondition {
    /// Create a scope with a query condition (row filtering).
    #[must_use]
    pub fn new(condition: sea_orm::Condition) -> Self {
        Self { condition }
    }
}