Skip to main content

pcs_external/
scopes.rs

1//! Sealed scope-set type family for [`crate::PcsExternalClient<S>`].
2//!
3//! The four scope sets map to the OAuth2 scopes your app requested when
4//! calling `PasTokenUrl` with the `client_credentials` grant. Methods on
5//! [`crate::PcsExternalClient`] are gated by capability marker traits
6//! (`SendAlertCapable`, `GetSendStatusCapable`) so calling a method your
7//! app isn't authorised for is a **compile-time error** (E0277), not a
8//! runtime rejection.
9//!
10//! ## Compile-time enforcement example
11//!
12//! ```compile_fail,E0277
13//! use pcs_external::{PcsExternalClient, scopes::ReadOnly};
14//!
15//! fn try_send(client: &PcsExternalClient<ReadOnly>) {
16//!     // send_alert requires SendAlertCapable; ReadOnly doesn't satisfy it.
17//!     // This line must not compile.
18//!     let _ = client.send_alert(todo!(), todo!(), None);
19//! }
20//! ```
21
22mod sealed {
23    pub trait Seal {}
24}
25
26/// Parent marker for all PCS External API scope sets.
27///
28/// Sealed — cannot be implemented outside this crate.
29pub trait PcsExternalScopeSet: sealed::Seal + Send + Sync + 'static {}
30
31/// Read-only access: `get_send_status` only.
32pub struct ReadOnly;
33/// Send-only access: `send_alert` only. Used by RCW notification adapter.
34pub struct SendOnly;
35/// Read + send: `send_alert` + `get_send_status`.
36pub struct ReadAndSend;
37/// Full access: all methods.
38pub struct FullAccess;
39
40impl sealed::Seal for ReadOnly {}
41impl sealed::Seal for SendOnly {}
42impl sealed::Seal for ReadAndSend {}
43impl sealed::Seal for FullAccess {}
44
45impl PcsExternalScopeSet for ReadOnly {}
46impl PcsExternalScopeSet for SendOnly {}
47impl PcsExternalScopeSet for ReadAndSend {}
48impl PcsExternalScopeSet for FullAccess {}
49
50/// Capability marker: scope set may call `send_alert`.
51pub trait SendAlertCapable: PcsExternalScopeSet {}
52impl SendAlertCapable for SendOnly {}
53impl SendAlertCapable for ReadAndSend {}
54impl SendAlertCapable for FullAccess {}
55
56/// Capability marker: scope set may call `get_send_status`.
57pub trait GetSendStatusCapable: PcsExternalScopeSet {}
58impl GetSendStatusCapable for ReadOnly {}
59impl GetSendStatusCapable for ReadAndSend {}
60impl GetSendStatusCapable for FullAccess {}