mocopr_rbac/
lib.rs

1//! Role-Based Access Control (RBAC) integration for MoCoPr MCP servers
2//!
3//! This crate provides seamless integration between MoCoPr and the role-system crate,
4//! enabling fine-grained authorization for MCP protocol operations.
5//!
6//! # Features
7//!
8//! - **Hierarchical Roles**: Support for role inheritance (admin > power_user > user)
9//! - **Fine-grained Permissions**: Control access to specific tools, resources, and prompts
10//! - **Conditional Permissions**: Context-based access control (time, location, etc.)
11//! - **Multiple Subject Types**: Support for users, services, devices, and groups
12//! - **Async Support**: Full async/await compatibility with MoCoPr
13//! - **Audit Logging**: Comprehensive security event logging
14//! - **Persistence**: Optional role/permission persistence
15//!
16//! # Quick Start
17//!
18//! ```rust
19//! use mocopr_rbac::prelude::*;
20//!
21//! #[tokio::main]
22//! async fn main() -> Result<()> {
23//!     // Create RBAC middleware with predefined roles
24//!     let rbac = RbacMiddleware::builder()
25//!         .with_default_roles()
26//!         .with_audit_logging(true)
27//!         .build().await?;
28//!
29//!     println!("RBAC middleware created successfully");
30//!     Ok(())
31//! }
32//! ```
33//!
34//! # Custom Role Configuration
35//!
36//! ```rust
37//! use mocopr_rbac::prelude::*;
38//!
39//! #[tokio::main]
40//! async fn main() -> Result<()> {
41//!     let rbac = RbacMiddleware::builder()
42//!         .with_role("admin", &[
43//!             "tools:*",
44//!             "resources:*",
45//!             "prompts:*",
46//!             "server:manage"
47//!         ])
48//!         .with_role("user", &[
49//!             "tools:read",
50//!             "tools:call:safe/*",
51//!             "resources:read:public/*"
52//!         ])
53//!         .with_conditional_permission(
54//!             "power_user",
55//!             "tools:call:admin/*",
56//!             |context| context.get("verified") == Some(&"true".to_string())
57//!         )
58//!         .build().await?;
59//!
60//!     println!("Custom RBAC roles configured successfully");
61//!     Ok(())
62//! }
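63//! ```
//!
//! The condition closure in this example returns true whenever the context map
//! contains `verified` set to `"true"`, so that entry has to be written by trusted
//! server-side code after the subject has been authenticated; it should never be
//! copied from request fields the caller controls. The `admin` role above is granted
//! `*` wildcards across tools, resources and prompts, so assign it sparingly and
//! prefer narrower patterns such as those shown for `user` where they suffice.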
64
65pub mod config;
66pub mod context;
67pub mod error;
68pub mod middleware;
69pub mod permissions;
70pub mod subjects;
71
/// Common imports for MoCoPr RBAC, intended for `use mocopr_rbac::prelude::*;`.
///
/// Everything public in `config`, `context`, `error`, `permissions` and `subjects`
/// is re-exported by glob, so any item made `pub` in those modules becomes part of
/// this prelude's surface. From `middleware` only `RbacMiddleware` is exposed.
pub mod prelude {
    pub use crate::{
        config::*, context::*, error::*, middleware::RbacMiddleware, permissions::*, subjects::*,
    };

    // Key role-system types. `Subject` is renamed to `RoleSubject` on the way out
    // (presumably to avoid a clash with a type from `crate::subjects` — confirm).
    pub use role_system::{Permission, Resource, Role, Subject as RoleSubject};

    /// Crate-wide `Result` alias with the error type fixed to `RbacError`.
    ///
    /// A glob import of this prelude takes precedence over the standard prelude's
    /// two-parameter `Result` in the importing scope; write
    /// `std::result::Result<T, E>` there when a different error type is needed.
    pub type Result<T> = std::result::Result<T, RbacError>;
}
88
89// Re-export major components at crate level
90pub use error::RbacError;
91pub use middleware::RbacMiddleware;
92pub use prelude::Result;