Skip to main content

PolicyEngine

ferrify_policy

Struct PolicyEngine 

Source 
pub struct PolicyEngine { /* private fields */ }
Expand description

Resolves declarative policy into an effective policy and enforces approvals.

Implementations§

Source§

impl PolicyEngine

Source

pub fn new(repository: PolicyRepository) -> Self

Creates a policy engine from the loaded repository data.

Source

pub fn repository(&self) -> &PolicyRepository

Returns the loaded repository data.

Source

pub fn resolve( &self, mode_slug: &str, approval_profile_slug: &ApprovalProfileSlug, ) -> Result<ResolvedMode, PolicyError>

Resolves the effective policy for a mode and approval profile.

The result is the policy Ferrify actually executes with after mode defaults and approval-profile overrides have been merged.

§Errors

Returns PolicyError when either the mode or approval profile is missing from the loaded repository data.

Source

pub fn authorize( &self, policy: &EffectivePolicy, capability: &Capability, approvals: &BTreeSet<Capability>, ) -> Result<(), PolicyError>

Checks whether a capability can be used with the provided approvals.

§Errors

Returns PolicyError when the capability is not allowed by the active mode, when the capability is denied outright, or when the capability requires approval and the caller did not supply it.

Source

pub fn authorize_transition( &self, from: &EffectivePolicy, to: &EffectivePolicy, approvals: &BTreeSet<Capability>, ) -> Result<(), PolicyError>

Enforces the rule that widening a mode’s authority requires approval.

§Errors

Returns PolicyError when the target mode introduces a capability that is either disallowed or not explicitly approved for the transition.

Trait Implementations§

Source§

impl Clone for PolicyEngine

Source§

fn clone(&self) -> PolicyEngine

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for PolicyEngine

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.