pub mod advanced;
pub mod rbac;
pub mod cache;
mod context;
mod provider;
mod rate_limiter;
mod stats;
mod types;
pub use types::{PermissionAction, PermissionConfig, PermissionError, RolePolicy, TablePermission};
pub use provider::{
MemoryPermissionProvider, PermissionProvider, PermissionProviderError, RefreshablePermissionProvider,
YamlPermissionProvider,
};
pub use stats::{CacheStats, PermissionCheckStats, PermissionCheckStatsSnapshot};
pub use rate_limiter::RateLimiter;
pub use cache::{PermissionCache, PermissionCacheConfig};
#[cfg(feature = "cache")]
pub use context::PermissionContext;
pub use self::advanced::AdvancedRbacProvider;
pub use self::rbac::RbacProvider;
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_public_api_accessible() {
let _action = PermissionAction::Select;
let _operation: PermissionAction = PermissionAction::Insert;
assert_eq!(PermissionAction::Select.to_string(), "SELECT");
assert_eq!(PermissionAction::Insert.to_string(), "INSERT");
assert_eq!(PermissionAction::Update.to_string(), "UPDATE");
assert_eq!(PermissionAction::Delete.to_string(), "DELETE");
}
#[test]
fn test_permission_config_public_api() {
let config = PermissionConfig::allow_all();
assert!(config.check_access("admin", "users", PermissionAction::Select));
let config = PermissionConfig::deny_all();
assert!(!config.check_access("admin", "users", PermissionAction::Select));
}
#[test]
fn test_role_policy_public_api() {
let policy = RolePolicy {
tables: vec![TablePermission {
name: "*".to_string(),
operations: vec![PermissionAction::Select],
}],
};
assert!(policy.allows("any_table", &PermissionAction::Select));
assert!(!policy.allows("any_table", &PermissionAction::Insert));
}
#[test]
fn test_permission_check_stats_public_api() {
let stats = PermissionCheckStats::new();
stats.record_allowed();
stats.record_denied();
stats.record_cache_hit();
stats.record_cache_miss();
let snapshot = stats.snapshot();
assert_eq!(snapshot.total_checks, 2);
assert_eq!(snapshot.allowed_checks, 1);
assert_eq!(snapshot.denied_checks, 1);
assert_eq!(snapshot.cache_hits, 1);
assert_eq!(snapshot.cache_misses, 1);
}
#[test]
fn test_permission_check_stats_snapshot_public_api() {
let snapshot = PermissionCheckStatsSnapshot {
total_checks: 100,
allowed_checks: 80,
denied_checks: 20,
rate_limited_checks: 5,
cache_hits: 90,
cache_misses: 10,
stampede_events: 0,
};
assert!((snapshot.cache_hit_rate() - 0.9).abs() < 0.001);
assert!((snapshot.denial_rate() - 0.2).abs() < 0.001);
}
}