qail-core 1.3.0

AST-native query builder - type-safe expressions, zero SQL strings
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

use std::collections::BTreeMap;
use std::path::Path;

use super::AccessPolicy;
use super::error::AccessPolicyLoadError;
use super::ident::normalize_table_ref;
use super::model::{AccessDecision, TableAccessPolicy};

impl AccessPolicy {
    /// Deny-by-default policy set.
    pub fn new() -> Self {
        Self::default()
    }

    /// Allow-by-default policy set for trusted/internal use.
    pub fn allow_by_default() -> Self {
        Self {
            default_decision: AccessDecision::Allow,
            tables: BTreeMap::new(),
        }
    }

    /// Add or replace a table policy.
    pub fn with_table(mut self, table: impl Into<String>, policy: TableAccessPolicy) -> Self {
        self.tables
            .insert(normalize_table_ref(&table.into()), policy);
        self
    }

    /// Parse an access policy from TOML.
    pub fn from_toml_str(input: &str) -> Result<Self, AccessPolicyLoadError> {
        toml::from_str::<Self>(input)
            .map(Self::normalize_table_keys)
            .map_err(AccessPolicyLoadError::Toml)
    }

    /// Parse an access policy from JSON.
    pub fn from_json_str(input: &str) -> Result<Self, AccessPolicyLoadError> {
        serde_json::from_str::<Self>(input)
            .map(Self::normalize_table_keys)
            .map_err(AccessPolicyLoadError::Json)
    }

    /// Load an access policy from a `.toml` or `.json` file.
    pub fn load_from_path(path: impl AsRef<Path>) -> Result<Self, AccessPolicyLoadError> {
        let path = path.as_ref();
        let raw = std::fs::read_to_string(path).map_err(AccessPolicyLoadError::Read)?;
        match path
            .extension()
            .and_then(|extension| extension.to_str())
            .map(str::to_ascii_lowercase)
            .as_deref()
        {
            Some("toml") => Self::from_toml_str(&raw),
            Some("json") => Self::from_json_str(&raw),
            other => Err(AccessPolicyLoadError::UnsupportedExtension(
                other.unwrap_or_default().to_string(),
            )),
        }
    }

    /// Mutably access a table policy, creating an empty policy if needed.
    pub fn table_mut(&mut self, table: impl Into<String>) -> &mut TableAccessPolicy {
        self.tables
            .entry(normalize_table_ref(&table.into()))
            .or_default()
    }

    fn normalize_table_keys(mut self) -> Self {
        self.tables = self
            .tables
            .into_iter()
            .map(|(table, policy)| (normalize_table_ref(&table), policy))
            .collect();
        self
    }
}

impl Default for AccessPolicy {
    fn default() -> Self {
        Self {
            default_decision: AccessDecision::Deny,
            tables: BTreeMap::new(),
        }
    }
}