guts-auth 0.1.0

Authorization and governance for Guts: Permissions, Organizations, Teams, Webhooks
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

//! Permission levels and access control.

use serde::{Deserialize, Serialize};
use std::fmt;

/// Permission level for repository access.
///
/// Permissions are ordered: Read < Write < Admin
#[derive(
    Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize, Deserialize, Default,
)]
#[serde(rename_all = "lowercase")]
pub enum Permission {
    /// Can read repository contents (clone, pull).
    #[default]
    Read,
    /// Can read and write (push commits).
    Write,
    /// Full control including settings, collaborators, and deletion.
    Admin,
}

impl Permission {
    /// Check if this permission level grants at least the required level.
    pub fn has(&self, required: Permission) -> bool {
        *self >= required
    }

    /// Parse from string.
    pub fn parse(s: &str) -> Option<Self> {
        match s.to_lowercase().as_str() {
            "read" => Some(Permission::Read),
            "write" | "push" => Some(Permission::Write),
            "admin" | "owner" => Some(Permission::Admin),
            _ => None,
        }
    }
}

impl fmt::Display for Permission {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Permission::Read => write!(f, "read"),
            Permission::Write => write!(f, "write"),
            Permission::Admin => write!(f, "admin"),
        }
    }
}

/// A permission grant for a specific resource.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PermissionGrant {
    /// The resource key (e.g., "owner/repo").
    pub resource: String,
    /// The granted permission level.
    pub permission: Permission,
    /// Source of this permission (e.g., "owner", "collaborator", "team:backend").
    pub source: String,
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_permission_ordering() {
        assert!(Permission::Read < Permission::Write);
        assert!(Permission::Write < Permission::Admin);
        assert!(Permission::Read < Permission::Admin);
    }

    #[test]
    fn test_permission_has() {
        assert!(Permission::Admin.has(Permission::Read));
        assert!(Permission::Admin.has(Permission::Write));
        assert!(Permission::Admin.has(Permission::Admin));

        assert!(Permission::Write.has(Permission::Read));
        assert!(Permission::Write.has(Permission::Write));
        assert!(!Permission::Write.has(Permission::Admin));

        assert!(Permission::Read.has(Permission::Read));
        assert!(!Permission::Read.has(Permission::Write));
        assert!(!Permission::Read.has(Permission::Admin));
    }

    #[test]
    fn test_permission_parse() {
        assert_eq!(Permission::parse("read"), Some(Permission::Read));
        assert_eq!(Permission::parse("write"), Some(Permission::Write));
        assert_eq!(Permission::parse("push"), Some(Permission::Write));
        assert_eq!(Permission::parse("admin"), Some(Permission::Admin));
        assert_eq!(Permission::parse("owner"), Some(Permission::Admin));
        assert_eq!(Permission::parse("ADMIN"), Some(Permission::Admin));
        assert_eq!(Permission::parse("invalid"), None);
    }

    #[test]
    fn test_permission_display() {
        assert_eq!(format!("{}", Permission::Read), "read");
        assert_eq!(format!("{}", Permission::Write), "write");
        assert_eq!(format!("{}", Permission::Admin), "admin");
    }
}