role-system 1.1.1

A flexible and powerful role-based access control (RBAC) library for Rust applications
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

//! Batch operations API for high-performance bulk operations

use crate::{Error, Permission, Resource, Role, RoleSystem, Subject};

/// Result of a batch operation
#[derive(Debug, Clone)]
pub struct BatchResult<T> {
    /// Successful operations with their results
    pub successes: Vec<(usize, T)>,
    /// Failed operations with their errors
    pub failures: Vec<(usize, Error)>,
}

impl<T> BatchResult<T> {
    /// Create a new empty batch result
    pub fn new() -> Self {
        Self {
            successes: Vec::new(),
            failures: Vec::new(),
        }
    }

    /// Add a successful result
    pub fn add_success(&mut self, index: usize, result: T) {
        self.successes.push((index, result));
    }

    /// Add a failed result
    pub fn add_failure(&mut self, index: usize, error: Error) {
        self.failures.push((index, error));
    }

    /// Get success rate as a percentage
    pub fn success_rate(&self) -> f64 {
        let total = self.successes.len() + self.failures.len();
        if total == 0 {
            return 0.0;
        }
        (self.successes.len() as f64 / total as f64) * 100.0
    }

    /// Check if all operations succeeded
    pub fn all_succeeded(&self) -> bool {
        self.failures.is_empty()
    }

    /// Get total number of operations
    pub fn total_operations(&self) -> usize {
        self.successes.len() + self.failures.len()
    }
}

impl<T> Default for BatchResult<T> {
    fn default() -> Self {
        Self::new()
    }
}

/// Batch permission check request
#[derive(Debug, Clone)]
pub struct BatchPermissionCheck {
    pub subject: Subject,
    pub permission: Permission,
    pub resource: Resource,
}

impl BatchPermissionCheck {
    /// Create a new batch permission check
    pub fn new(subject: Subject, permission: Permission, resource: Resource) -> Self {
        Self {
            subject,
            permission,
            resource,
        }
    }
}

/// Batch role assignment request
#[derive(Debug, Clone)]
pub struct BatchRoleAssignment {
    pub subject: Subject,
    pub role: Role,
    pub assign: bool, // true for assign, false for revoke
}

impl BatchRoleAssignment {
    /// Create a new batch role assignment
    pub fn new_assignment(subject: Subject, role: Role) -> Self {
        Self {
            subject,
            role,
            assign: true,
        }
    }

    /// Create a new batch role revocation
    pub fn new_revocation(subject: Subject, role: Role) -> Self {
        Self {
            subject,
            role,
            assign: false,
        }
    }
}

/// Batch operations configuration
#[derive(Debug, Clone)]
pub struct BatchConfig {
    /// Maximum number of operations to process concurrently
    pub max_concurrency: usize,
    /// Whether to stop on first failure or continue processing
    pub fail_fast: bool,
    /// Timeout for the entire batch operation (in milliseconds)
    pub timeout_ms: Option<u64>,
}

impl Default for BatchConfig {
    fn default() -> Self {
        Self {
            max_concurrency: num_cpus::get().max(1),
            fail_fast: false,
            timeout_ms: None,
        }
    }
}

/// Extension trait for RoleSystem to support batch operations
pub trait BatchOperations {
    /// Perform batch permission checks
    fn batch_check_permissions(
        &self,
        checks: Vec<BatchPermissionCheck>,
    ) -> Result<BatchResult<bool>, Error>;

    /// Perform batch role assignments and revocations (requires mutable access)
    fn batch_role_operations(
        &mut self,
        operations: Vec<BatchRoleAssignment>,
    ) -> Result<BatchResult<()>, Error>;
}

impl BatchOperations for RoleSystem {
    fn batch_check_permissions(
        &self,
        checks: Vec<BatchPermissionCheck>,
    ) -> Result<BatchResult<bool>, Error> {
        let mut result = BatchResult::new();

        for (i, check) in checks.iter().enumerate() {
            match self.check_permission(&check.subject, check.permission.action(), &check.resource)
            {
                Ok(allowed) => result.add_success(i, allowed),
                Err(error) => result.add_failure(i, error),
            }
        }

        Ok(result)
    }

    fn batch_role_operations(
        &mut self,
        operations: Vec<BatchRoleAssignment>,
    ) -> Result<BatchResult<()>, Error> {
        let mut result = BatchResult::new();

        for (i, operation) in operations.iter().enumerate() {
            let op_result = if operation.assign {
                self.assign_role(&operation.subject, operation.role.name())
            } else {
                self.remove_role(&operation.subject, operation.role.name())
            };

            match op_result {
                Ok(()) => result.add_success(i, ()),
                Err(error) => result.add_failure(i, error),
            }
        }

        Ok(result)
    }
}