Skip to main content

Crate nest_rs_authz

Crate nest_rs_authz 

Source
Expand description

CASL-style authorization — transport-agnostic engine plus feature-gated transport bindings.

An AbilityFactory builds an Ability for the app’s actor, which answers three questions backed by one shared Predicate (so they can’t drift apart): can (gate an action), condition_for (lower rules to a sea_orm::Condition for row-level filtering), and mask (strip disallowed instances + fields from a response).

Bindings: [http], [graphql], [mcp]. The data-coupled bindings (Bind, the GraphQL bind helper, LoaderScope, WsDataContext) live in nestrs-seaorm so the engine stays free of a data-layer dependency.

Structs§

Ability
The authorization rules compiled for a single actor. Built by an AbilityFactory and consumed by the access guard (can_class), the query pre-filter (condition_for), and the response check/mask (can / permitted_fields).
AbilityBuilder
Create
Type marker for Action::Create.
Delete
Type marker for Action::Delete.
Manage
Type marker for Action::Manage.
PredicateBuilder
Handed to a rule’s when(|p| …) closure so the condition reads p.eq(Column::OrgId, actor.org_id).
Read
Type marker for Action::Read.
RuleSpec
One in-progress rule. Commits on drop — binding to a variable defers the commit, and the builder cannot be reused while a spec is still alive.
Update
Type marker for Action::Update.

Enums§

Action
FieldSet
Which fields of a subject may be read back in the response.
Predicate
A condition over entity E, interpreted as SQL or in memory.

Traits§

AbilityFactory
Implemented once per app for its actor type. All three authorization layers (gate, query filter, response mask) consume the result.
ActionMarker
Lets a route name an Action as a type argument on stable Rust (enum const generics still need nightly adt_const_params).
Subject
Compile-time guardrail that S is a real subject rather than an arbitrary type. Implemented for every SeaORM entity by the blanket bridge below.

Functions§

current_ability
The ambient Ability, or None outside a request (or a request that runs no authorization).
masked_output_ambient
Mask model into the wire DTO O for action A using the ambient Ability. Fails closed: with no ambient ability the masked value is an empty object, so only unrestricted fields survive — a wire type with required restricted fields errors rather than leaking a fully-populated row.
with_ability