Expand description
Authentication & authorization.
Three pieces:
users.rs— user records, password hashing, loginsessions.rs— DB-backed sessions with expiry cleanuppermissions.rs— granular permissions + groups
A user belongs to zero or more groups. Permissions come from two
sources: (a) direct assignments on the user, (b) inherited from
the user’s groups. The permission string is
<app>.<action>_<model> — e.g. posts.change_post.
Modules§
- guards
- Authority guards — server-side enforcement of the rank model.
Structs§
- Identity
- The identity attached to a request by the auth middleware. Kept cheap to clone because we pass it into handler bodies.
- Permission
- Stored
User - Superuser
- Marker type used by the admin’s authorize macro for fast-paths on admins.
- User
Profile - Read-only view of a user, used by the built-in admin profile page.
Excludes
password_hashdeliberately. Construct viaload_user_profile.
Enums§
Constants§
- SESSION_
COOKIE - The cookie name we look for and set. Constant so middleware and handlers stay in sync.
Functions§
- add_
user_ to_ group - check_
permission - Ask “does this identity have permission X?”.
- create_
group - create_
session - create_
user - delete_
session - find_
user_ by_ email - grant_
to_ group - grant_
to_ user - hash_
password - identity_
from_ session - init_
permission_ tables - init_
session_ tables - init_
tables - Initialise every auth-related table. Safe to call on every boot.
- init_
user_ tables - load_
user_ profile - Load a user by id for display purposes. Returns
Ok(None)for a missing id (callers map to 404). ReturnsErronly on a real DB failure or a corrupted role string. Never readspassword_hash. - login
- Verify credentials and create a session. Returns the session token to set in the cookie. A deliberately vague error on failure — we don’t want to leak whether the email was valid.
- migrate_
user_ schema - Idempotent schema upgrade for the 5-tier role hierarchy + demo + profile
columns. Safe to call repeatedly; safe on a fresh DB and on a legacy
'admin'-roled DB. - permissions_
for_ user - All permission names belonging to the given user — direct + via groups — unioned into one set. Cached for 60s.
- protected_
roles - Roles the framework refuses to lose its last active member of.
- purge_
expired_ sessions - Delete all expired sessions. Intended to be called periodically
from a background task (see
background::spawn_session_sweeper). - register_
model_ permissions - For an admin model named
posts, register the canonical four permissions:add_post,change_post,delete_post,view_post. Idempotent. - remove_
user_ from_ group - session_
token_ from_ cookie - set_
password - update_
user_ role - verdict_
for_ orphan_ role - Pure verdict for the orphan check, factored out so it can be
unit-tested without a
Db. The async wrapperwould_orphan_rolesuppliesactive_countandtarget_is_protectedfrom SQL. - verify_
password - would_
orphan_ developers Deprecated - Legacy alias preserved so external callers keep compiling. Prefer
would_orphan_protectedwhich generalises across every role insuper::role::protected_roles. - would_
orphan_ protected - Walk every entry in
super::role::protected_rolesand return the first protected role whose membership would be orphaned by the proposed change.Nonemeans the change is safe. - would_
orphan_ role - Would the proposed change leave the system with zero active members
of
protected_role?