lab-resource-manager 1.1.0

GPU and room resource management system with Google Calendar and Slack integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

use crate::domain::common::EmailAddress;
use std::fmt;

/// 認可エラー
#[derive(Debug, Clone, PartialEq)]
pub enum AuthorizationError {
    /// 権限不足
    Forbidden {
        actor: EmailAddress,
        action: String,
        resource: String,
    },
}

impl fmt::Display for AuthorizationError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            AuthorizationError::Forbidden {
                actor,
                action,
                resource,
            } => write!(
                f,
                "ユーザー {} には {}{} する権限がありません",
                actor.as_str(),
                resource,
                action
            ),
        }
    }
}

impl std::error::Error for AuthorizationError {}

/// 認可ポリシートレイト
///
/// Actor-Action-Resourceモデルに基づいた認可を提供
pub trait AuthorizationPolicy<T> {
    /// 更新権限をチェック
    fn authorize_update(
        &self,
        actor: &EmailAddress,
        resource: &T,
    ) -> Result<(), AuthorizationError>;

    /// 削除権限をチェック
    fn authorize_delete(
        &self,
        actor: &EmailAddress,
        resource: &T,
    ) -> Result<(), AuthorizationError>;

    /// 読み取り権限をチェック(オプション)
    fn authorize_read(
        &self,
        _actor: &EmailAddress,
        _resource: &T,
    ) -> Result<(), AuthorizationError> {
        // デフォルトでは全員が読み取り可能
        Ok(())
    }
}