nest-rs-authz 0.2.0

CASL-style authorization for nestrs: one ability definition driving an access gate, a SeaORM query pre-filter, and response field-masking. Transport bindings (`http`, `graphql`, `mcp`) live behind Cargo features; the database-coupled extractors (`Bind`, `bind`, `LoaderScope`, `WsDataContext`) live in `nest-rs-seaorm` so the engine stays free of a data-layer dependency.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

//! CASL-style authorization — transport-agnostic engine plus feature-gated
//! transport bindings.
//!
//! An [`AbilityFactory`] builds an [`Ability`] for the app's actor, which
//! answers three questions backed by one shared [`Predicate`] (so they can't
//! drift apart): `can` (gate an action), `condition_for` (lower rules to a
//! `sea_orm::Condition` for row-level filtering), and `mask` (strip
//! disallowed instances + fields from a response).
//!
//! Bindings: [`http`], [`graphql`], [`mcp`]. The data-coupled bindings
//! (`Bind`, the GraphQL `bind` helper, `LoaderScope`, `WsDataContext`) live in
//! `nestrs-seaorm` so the engine stays free of a data-layer dependency.

mod ability;
mod action;
mod builder;
mod context;
mod factory;
mod mask;
mod predicate;
mod subject;

pub use ability::{Ability, FieldSet};
pub use action::{Action, ActionMarker, Create, Delete, Manage, Read, Update};
pub use builder::{AbilityBuilder, RuleSpec};
pub use context::{current_ability, with_ability};
pub use factory::AbilityFactory;
pub use mask::masked_output_ambient;
pub use predicate::{Predicate, PredicateBuilder};
pub use subject::Subject;

#[cfg(feature = "graphql")]
pub mod graphql;
#[cfg(feature = "http")]
pub mod http;
#[cfg(feature = "mcp")]
pub mod mcp;