RlsContext

Struct RlsContext 

pub struct RlsContext {
    pub tenant_id: String,
    pub agent_id: String,
    /* private fields */
}

RLS context carrying tenant identity for data isolation.

Fields

tenant_id: String

The unified tenant ID — the primary identity for data isolation. Empty string means no tenant scope.

agent_id: String

Legacy: The agent (reseller) this context is scoped to. Empty string means no agent scope.

Implementations

impl RlsContext

pub fn tenant(tenant_id: &str) -> RlsContext

Create a context scoped to a specific tenant (the unified identity).

pub fn agent(agent_id: &str) -> RlsContext

Create a context scoped to a specific agent (reseller).

pub fn tenant_and_agent(tenant_id: &str, agent_id: &str) -> RlsContext

Create a context scoped to both tenant and agent.

pub fn global() -> RlsContext

Create a global context scoped to platform rows (tenant_id IS NULL).

This is not a bypass: it applies explicit global scoping in AST injection and exposes app.is_global=true for policy usage at the database layer.

pub fn super_admin(_token: SuperAdminToken) -> RlsContext

Create a super admin context that bypasses tenant isolation.

Requires a SuperAdminToken — which can only be created via named constructors (for_system_process, for_webhook, for_auth).

Uses the nil UUID for all IDs to avoid ''::uuid cast errors in PostgreSQL RLS policies (PostgreSQL doesn’t short-circuit OR, so the cast can still be evaluated when another branch of the policy already admits the row).
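
The nil-UUID point above, shown as an added example: a standalone Rust model, not code from this crate. The policy shape (tenant match OR super-admin flag), the helper names cast_uuid and row_visible, and the sample tenant ID are assumptions made for illustration.

```rust
// Added illustration: a standalone model, not code from the crate.
// Assumed policy shape: tenant_id = <tenant setting>::uuid OR <super-admin flag>

const NIL_UUID: &str = "00000000-0000-0000-0000-000000000000";

/// Simplified stand-in for a text-to-uuid cast: accepts only the hyphenated
/// 8-4-4-4-12 hex form and fails on anything else, including "".
fn cast_uuid(s: &str) -> Result<String, String> {
    let lens = [8usize, 4, 4, 4, 12];
    let groups: Vec<&str> = s.split('-').collect();
    let well_formed = groups.len() == lens.len()
        && groups
            .iter()
            .zip(lens.iter())
            .all(|(g, n)| g.len() == *n && g.chars().all(|c| c.is_ascii_hexdigit()));
    if well_formed {
        Ok(s.to_ascii_lowercase())
    } else {
        Err(format!("invalid input syntax for type uuid: \"{}\"", s))
    }
}

/// Evaluates the assumed policy for one row. Both operands of OR are computed
/// before they are combined, so a failing cast aborts the whole predicate
/// even when the super-admin flag alone would have admitted the row.
fn row_visible(row_tenant: &str, tenant_setting: &str, super_admin: bool) -> Result<bool, String> {
    let tenant_match = cast_uuid(tenant_setting)? == row_tenant.to_ascii_lowercase();
    Ok(tenant_match || super_admin)
}

fn main() {
    let row = "7b1c2d3e-4f50-4a6b-8c7d-9e0f1a2b3c4d"; // constructed tenant id
    // Bypass context with empty-string IDs: the cast fails first.
    println!("empty + bypass -> {:?}", row_visible(row, "", true));
    // Bypass context with nil-UUID IDs: cast succeeds, flag admits the row.
    println!("nil + bypass   -> {:?}", row_visible(row, NIL_UUID, true));
    // Nil UUID without the flag matches no real tenant's rows.
    println!("nil, no bypass -> {:?}", row_visible(row, NIL_UUID, false));
}
```

The third case is the property to keep in mind when reviewing policies: the nil UUID only keeps the cast valid, and access still depends on the bypass flag.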

pub fn empty() -> RlsContext

Create an empty context (no tenant, no super admin).

Used for system-level operations that must not operate within any tenant scope (startup introspection, migrations, health checks).

pub fn user(user_id: &str) -> RlsContext

Create a user-scoped context for authenticated end-user operations.

Sets app.current_user_id so that DB policies can enforce row-level isolation by user (e.g. user_id = get_current_user_id()). Does NOT bypass tenant isolation or grant super-admin.

pub fn has_tenant(&self) -> bool

Returns true if this context has a tenant scope.

pub fn has_agent(&self) -> bool

Returns true if this context has an agent scope.

pub fn has_user(&self) -> bool

Returns true if this context has a user scope.

pub fn user_id(&self) -> &str

Returns the user ID for this context (empty if none).

pub fn bypasses_rls(&self) -> bool

Returns true if this context bypasses tenant isolation.

pub fn is_global(&self) -> bool

Returns true if this context is explicitly scoped to global rows.

Trait Implementations

impl Clone for RlsContext

fn clone(&self) -> RlsContext

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for RlsContext

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Display for RlsContext

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl PartialEq for RlsContext

fn eq(&self, other: &RlsContext) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for RlsContext

impl StructuralPartialEq for RlsContext
