permkit
Generic Rust permission primitives, a permission enum derive macro, and an async guard macro.
permkit stays out of application concerns: authentication, tenancy, storage,
request context, and HTTP errors remain your responsibility.
Install
[dependencies]
permkit = "0.1"
Enable OpenAPI schema support with:
[dependencies]
permkit = { version = "0.1", features = ["utoipa"] }
Define Permissions
Derive Permission on a unit-only enum and give every variant a stable name.
Enum-level roles are defaults; variant-level roles override them.
use Permission;
The derive macro provides:
- AsRef<str> for the permission name.
- serde::Serialize as a string.
- inventory registration through PermissionEntry.
- utoipa schema implementations when the utoipa feature is enabled.
Check Permissions
EffectivePermissions evaluates in-memory grants. Grants have a scope, pattern,
and effect. Deny wins over allow within the same scope.
use ;
let permissions = from_grants;
assert!;
assert!;
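The precedence rule above, as an added example that is not permkit's code or API: a minimal stand-alone model in which a matching deny overrides a matching allow in the same scope. The type names, the trailing-`*` pattern syntax, the default-deny fallback, and the sample scopes and permission names are assumptions made for illustration.

```rust
// Illustrative model only: these types are NOT permkit's API.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Effect { Allow, Deny }

struct Grant {
    scope: &'static str,   // e.g. "org:1" (constructed sample value)
    pattern: &'static str, // exact name, or a prefix ending in '*' (assumed syntax)
    effect: Effect,
}

/// Assumed pattern syntax: a trailing '*' matches any name with that prefix.
fn pattern_matches(pattern: &str, name: &str) -> bool {
    match pattern.strip_suffix('*') {
        Some(prefix) => name.starts_with(prefix),
        None => pattern == name,
    }
}

/// Decide `name` in `scope`: any matching deny wins; otherwise a matching
/// allow is required; no match means denied (default deny, an assumption).
fn is_allowed(grants: &[Grant], scope: &str, name: &str) -> bool {
    let mut allowed = false;
    for g in grants.iter().filter(|g| g.scope == scope && pattern_matches(g.pattern, name)) {
        match g.effect {
            Effect::Deny => return false, // deny overrides, regardless of grant order
            Effect::Allow => allowed = true,
        }
    }
    allowed
}

fn sample_grants() -> Vec<Grant> {
    vec![
        Grant { scope: "org:1", pattern: "invoice.*", effect: Effect::Allow },
        Grant { scope: "org:1", pattern: "invoice.delete", effect: Effect::Deny },
        Grant { scope: "org:2", pattern: "invoice.read", effect: Effect::Allow },
    ]
}

fn main() {
    let grants = sample_grants();
    for (scope, name) in [("org:1", "invoice.read"), ("org:1", "invoice.delete"), ("org:2", "invoice.delete")] {
        println!("{scope} {name}: {}", is_allowed(&grants, scope, name));
    }
}
```

How grants in different scopes interact is not stated here, so the model evaluates one scope at a time.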
To connect permissions to your app, implement HasPermission<Context> for your
permission enum or expression type.
use ;
Permission checks can be composed with and and or.
use HasPermission;
let permission = List.or;
Guard Async Functions
Use #[permissions(...)] to run checks before an async function body. Pass the
request context with context = ....
use permissions;
async
Denied requests return PermissionDenied::permission_denied() by default. Use
error = ... to return an application-specific error.
async
If context = ... is omitted, the macro looks for or inserts a
crate::database::Database argument named db.
OpenAPI Permission Names
With the utoipa feature, use PermissionName when a DTO contains arbitrary
permission name strings and the schema should expose collected permission names
as enum values.
use PermissionName;
use ToSchema;