oxigdal-security 0.1.4

Enterprise security features for OxiGDAL: encryption, access control, compliance
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

//! Resource isolation between tenants.

use crate::error::Result;
use dashmap::DashMap;
use std::collections::HashSet;
use std::sync::Arc;

/// Resource isolation manager.
pub struct IsolationManager {
    /// Tenant to resources mapping.
    tenant_resources: Arc<DashMap<String, HashSet<String>>>,
}

impl IsolationManager {
    /// Create new isolation manager.
    pub fn new() -> Self {
        Self {
            tenant_resources: Arc::new(DashMap::new()),
        }
    }

    /// Assign resource to tenant.
    pub fn assign_resource(&self, tenant_id: String, resource_id: String) -> Result<()> {
        self.tenant_resources
            .entry(tenant_id)
            .or_default()
            .insert(resource_id);
        Ok(())
    }

    /// Check if tenant owns resource.
    pub fn owns_resource(&self, tenant_id: &str, resource_id: &str) -> bool {
        self.tenant_resources
            .get(tenant_id)
            .is_some_and(|resources| resources.contains(resource_id))
    }

    /// Get all resources for tenant.
    pub fn get_resources(&self, tenant_id: &str) -> Vec<String> {
        self.tenant_resources
            .get(tenant_id)
            .map(|resources| resources.iter().cloned().collect())
            .unwrap_or_default()
    }
}

impl Default for IsolationManager {
    fn default() -> Self {
        Self::new()
    }
}