use super::error::PermissionConfigError;
use serde::Deserialize;
#[derive(Debug, Clone, Copy, Default, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum DefaultPolicy {
#[default]
DenyAll,
AllowAll,
}
#[derive(Debug, Clone, Deserialize)]
pub struct PermissionConfig {
#[serde(default)]
pub policy_path: Option<String>,
#[serde(default)]
pub default_policy: DefaultPolicy,
#[serde(default = "PermissionConfig::default_admin_role")]
pub admin_role: String,
#[serde(default)]
pub rate_limit_enabled: bool,
#[serde(default = "PermissionConfig::default_rate_limit_max")]
pub rate_limit_max_requests: u32,
}
impl Default for PermissionConfig {
fn default() -> Self {
Self {
policy_path: None,
default_policy: DefaultPolicy::default(),
admin_role: Self::default_admin_role(),
rate_limit_enabled: false,
rate_limit_max_requests: Self::default_rate_limit_max(),
}
}
}
impl PermissionConfig {
pub fn validate(&self) -> Result<(), PermissionConfigError> {
if self.admin_role.is_empty() {
return Err(PermissionConfigError::MissingField("admin_role".into()));
}
if self.rate_limit_enabled && self.rate_limit_max_requests == 0 {
return Err(PermissionConfigError::InvalidValue {
field: "rate_limit_max_requests".into(),
reason: "must be greater than 0 when rate limiting enabled".into(),
});
}
Ok(())
}
fn default_admin_role() -> String {
"admin".into()
}
fn default_rate_limit_max() -> u32 {
100
}
}