pub trait AsyncAuthorizationService {
// Required methods
fn authorize(
&self,
auth_: BearerToken,
request: AuthorizationRequest,
) -> impl Future<Output = Result<BTreeSet<ResourceIdentifier>, Error>> + Send;
fn batch_get_workspace_for_resource(
&self,
auth_: BearerToken,
request: BTreeSet<ResourceIdentifier>,
) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, WorkspaceRid>, Error>> + Send;
fn register_in_workspace(
&self,
auth_: BearerToken,
request: RegisterInWorkspaceRequest,
) -> impl Future<Output = Result<(), Error>> + Send;
fn check_admin(
&self,
auth_: BearerToken,
) -> impl Future<Output = Result<(), Error>> + Send;
fn is_email_allowed(
&self,
request: IsEmailAllowedRequest,
) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>> + Send;
fn get_access_token(
&self,
request: GetAccessTokenRequest,
) -> impl Future<Output = Result<GetAccessTokenResponse, Error>> + Send;
fn create_api_key(
&self,
auth_: BearerToken,
request: CreateApiKeyRequest,
) -> impl Future<Output = Result<CreateApiKeyResponse, Error>> + Send;
fn list_api_keys_in_org(
&self,
auth_: BearerToken,
request: ListApiKeyRequest,
) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send;
fn list_user_api_keys(
&self,
auth_: BearerToken,
request: ListApiKeyRequest,
) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send;
fn revoke_api_key(
&self,
auth_: BearerToken,
rid: ApiKeyRid,
) -> impl Future<Output = Result<(), Error>> + Send;
}Expand description
Authorization service manages the permissions for a user to access resources.
Required Methods§
Given a set of resources, returns the set of resources that the user is authorized to access.
Sourcefn batch_get_workspace_for_resource(
&self,
auth_: BearerToken,
request: BTreeSet<ResourceIdentifier>,
) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, WorkspaceRid>, Error>> + Send
fn batch_get_workspace_for_resource( &self, auth_: BearerToken, request: BTreeSet<ResourceIdentifier>, ) -> impl Future<Output = Result<BTreeMap<ResourceIdentifier, WorkspaceRid>, Error>> + Send
Given a set of resources, returns the workspace that each resource belongs to. If a user is not authorized on the resource, will omit the resource from the response.
Sourcefn register_in_workspace(
&self,
auth_: BearerToken,
request: RegisterInWorkspaceRequest,
) -> impl Future<Output = Result<(), Error>> + Send
fn register_in_workspace( &self, auth_: BearerToken, request: RegisterInWorkspaceRequest, ) -> impl Future<Output = Result<(), Error>> + Send
Marks a set of resources as belonging to a workspace. Either all resources are registered or none are. If the user is not in the workspace, this will throw. If a resource already belongs to a different workspace, this will throw. If a resource already belongs to this workspace, this is a no-op.
Sourcefn check_admin(
&self,
auth_: BearerToken,
) -> impl Future<Output = Result<(), Error>> + Send
fn check_admin( &self, auth_: BearerToken, ) -> impl Future<Output = Result<(), Error>> + Send
Given an authenticated session, this endpoint returns a HTTP 204 if the authenticated user is an admin and HTTP 403 otherwise.
Sourcefn is_email_allowed(
&self,
request: IsEmailAllowedRequest,
) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>> + Send
fn is_email_allowed( &self, request: IsEmailAllowedRequest, ) -> impl Future<Output = Result<IsEmailAllowedResponse, Error>> + Send
Checks if the email is allowed to register.
Sourcefn get_access_token(
&self,
request: GetAccessTokenRequest,
) -> impl Future<Output = Result<GetAccessTokenResponse, Error>> + Send
fn get_access_token( &self, request: GetAccessTokenRequest, ) -> impl Future<Output = Result<GetAccessTokenResponse, Error>> + Send
Provide an OIDC ID and access token to get a Nominal access token, suitable for making API requests. Its expiry will match that of the input access token, capped at 24h. Throws NotAuthorized if either token is invalid or if the OIDC provider is not known.
Sourcefn create_api_key(
&self,
auth_: BearerToken,
request: CreateApiKeyRequest,
) -> impl Future<Output = Result<CreateApiKeyResponse, Error>> + Send
fn create_api_key( &self, auth_: BearerToken, request: CreateApiKeyRequest, ) -> impl Future<Output = Result<CreateApiKeyResponse, Error>> + Send
Provide a long-lived API key for making API requests. The API key is irretrievable after initial creation.
Sourcefn list_api_keys_in_org(
&self,
auth_: BearerToken,
request: ListApiKeyRequest,
) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send
fn list_api_keys_in_org( &self, auth_: BearerToken, request: ListApiKeyRequest, ) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send
List all API keys in the organization.
Sourcefn list_user_api_keys(
&self,
auth_: BearerToken,
request: ListApiKeyRequest,
) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send
fn list_user_api_keys( &self, auth_: BearerToken, request: ListApiKeyRequest, ) -> impl Future<Output = Result<ListApiKeyResponse, Error>> + Send
List all API keys for the user.
Sourcefn revoke_api_key(
&self,
auth_: BearerToken,
rid: ApiKeyRid,
) -> impl Future<Output = Result<(), Error>> + Send
fn revoke_api_key( &self, auth_: BearerToken, rid: ApiKeyRid, ) -> impl Future<Output = Result<(), Error>> + Send
Delete an API key.
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.