Struct oxide_auth::primitives::scope::Scope
pub struct Scope { /* private fields */ }
Scope of a given grant or resource, a set of scope-tokens separated by spaces.
Scopes are interpreted as a conjunction of scope tokens, i.e. a scope is fulfilled if all of its scope tokens are fulfilled. This induces a partial ordering on scopes where scope A is less or equal than scope B if all scope tokens of A are also found in B. This can be interpreted as the rule

A token with scope B is allowed to access a resource requiring scope A iff A <= B
Example
use oxide_auth::primitives::scope::Scope;

let grant_scope = "some_scope other_scope".parse::<Scope>().unwrap();
let resource_scope = "some_scope".parse::<Scope>().unwrap();
let uncomparable = "some_scope third_scope".parse::<Scope>().unwrap();
// Holding a grant with `grant_scope` allows access to the resource since:
assert!(resource_scope <= grant_scope);
assert!(resource_scope.allow_access(&grant_scope));
// But holders would not be allowed to access another resource with scope `uncomparable`:
assert!(!(uncomparable <= grant_scope));
assert!(!uncomparable.allow_access(&grant_scope));
// This would also not work the other way around:
assert!(!(grant_scope <= uncomparable));
assert!(!grant_scope.allow_access(&uncomparable));
Scope-tokens are restricted to the following subset of ASCII:
- The character ‘!’
- The character range ‘\x32’ to ‘\x5b’ which includes numbers and upper case letters
- The character range ‘\x5d’ to ‘\x7e’ which includes lower case letters

Individual scope-tokens are separated by spaces.
In particular, the characters ‘\x22’ (") and ‘\x5c’ (\) are not allowed.
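The subset rule above, as an added example that is not part of oxide_auth or its documentation: a std-only model showing why an access check must compare token sets rather than substrings of the scope string, and that incomparable scopes fail <= in both directions. The names ScopeSet and naive_allow are hypothetical, the sample scopes are constructed, and character validation is left out.

```rust
// Added example: std-only model of the subset ordering; not oxide_auth code.
use std::cmp::Ordering;
use std::collections::BTreeSet;

/// Hypothetical stand-in for `Scope`: a set of space-separated tokens.
#[derive(Debug, PartialEq, Eq)]
pub struct ScopeSet(BTreeSet<String>);

impl ScopeSet {
    /// Assumption of this model: no character validation, empty input = empty set.
    pub fn parse(s: &str) -> Self {
        ScopeSet(s.split(' ').filter(|t| !t.is_empty()).map(String::from).collect())
    }

    /// Resource side: every required token must be in the grant (self <= grant).
    pub fn allow_access(&self, grant: &ScopeSet) -> bool {
        self.0.is_subset(&grant.0)
    }
}

impl PartialOrd for ScopeSet {
    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
        match (self.0.is_subset(&other.0), other.0.is_subset(&self.0)) {
            (true, true) => Some(Ordering::Equal),
            (true, false) => Some(Ordering::Less),
            (false, true) => Some(Ordering::Greater),
            (false, false) => None, // incomparable scopes
        }
    }
}

/// Flawed check kept for contrast: substring match on the raw scope string.
pub fn naive_allow(required: &str, grant: &str) -> bool {
    grant.contains(required)
}

fn main() {
    // Constructed sample scopes.
    let grant = ScopeSet::parse("profile:readonly email");
    let required = ScopeSet::parse("profile:read");
    // The substring check accepts a token that was never granted.
    assert!(naive_allow("profile:read", "profile:readonly email"));
    assert!(!required.allow_access(&grant));
    // Incomparable scopes: neither `<=` direction holds, so deny on both.
    let a = ScopeSet::parse("some_scope other_scope");
    let b = ScopeSet::parse("some_scope third_scope");
    assert_eq!(a.partial_cmp(&b), None);
    assert!(!(a <= b) && !(b <= a));
}
```

Because the ordering is only partial, a failed <= check says nothing about >=; authorization code should test the one direction it needs and deny otherwise.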
Implementations
impl Scope
pub fn priviledged_to(&self, rhs: &Scope) -> bool
Determines if this scope has enough privileges to access some resource requiring the scope on the right side. This operation is equivalent to comparison via >=.
pub fn allow_access(&self, rhs: &Scope) -> bool
Determines if a resource protected by this scope should allow access to a token with the grant on the right side. This operation is equivalent to comparison via <=.
Trait Implementations
impl<'de> Deserialize<'de> for Scope
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de>,
impl PartialEq<Scope> for Scope
impl PartialOrd<Scope> for Scope
1.0.0 · fn le(&self, other: &Rhs) -> bool
self and other) and is used by the <= operator.