Skip to main content

RlsContext

qail_pg::driver

Struct RlsContext 

Source 
pub struct RlsContext {
    pub tenant_id: String,
    pub agent_id: String,
    /* private fields */
}
Expand description

RLS context carrying tenant identity for data isolation.

Fields§

§tenant_id: String

The unified tenant ID — the primary identity for data isolation. Empty string means no tenant scope.

§agent_id: String

Legacy: The agent (reseller) this context is scoped to. Empty string means no agent scope.

Implementations§

Source§

impl RlsContext

Source

pub fn tenant(tenant_id: &str) -> RlsContext

Create a context scoped to a specific tenant (the unified identity).

Source

pub fn agent(agent_id: &str) -> RlsContext

Create a context scoped to a specific agent (reseller).

Source

pub fn tenant_and_agent(tenant_id: &str, agent_id: &str) -> RlsContext

Create a context scoped to both tenant and agent.

Source

pub fn global() -> RlsContext

Create a global context scoped to platform rows (tenant_id IS NULL).

This is not a bypass: it applies explicit global scoping in AST injection and exposes app.is_global=true for policy usage at the database layer.

Source

pub fn super_admin(_token: SuperAdminToken) -> RlsContext

Create a super admin context that bypasses tenant isolation.

Requires a SuperAdminToken — which can only be created via named constructors (for_system_process, for_webhook, for_auth).

Uses nil UUID for all IDs to avoid ''::uuid cast errors in PostgreSQL RLS policies (PostgreSQL doesn’t short-circuit OR).

Source

pub fn empty() -> RlsContext

Create an empty context (no tenant, no super admin).

Used for system-level operations that must not operate within any tenant scope (startup introspection, migrations, health checks).

Source

pub fn user(user_id: &str) -> RlsContext

Create a user-scoped context for authenticated end-user operations.

Sets app.current_user_id so that DB policies can enforce row-level isolation by user (e.g. user_id = get_current_user_id()). Does NOT bypass tenant isolation or grant super-admin.

Source

pub fn with_user(self, user_id: &str) -> RlsContext

Attach an authenticated user ID to an existing tenant/global context.

User scope is orthogonal to tenant/agent scope: PostgreSQL policies can use both app.current_tenant_id and app.current_user_id.

Source

pub fn has_tenant(&self) -> bool

Returns true if this context has a tenant scope.

Source

pub fn has_agent(&self) -> bool

Returns true if this context has an agent scope.

Source

pub fn has_user(&self) -> bool

Returns true if this context has a user scope.

Source

pub fn user_id(&self) -> &str

Returns the user ID for this context (empty if none).

Source

pub fn bypasses_rls(&self) -> bool

Returns true if this context bypasses tenant isolation.

Source

pub fn is_global(&self) -> bool

Returns true if this context is explicitly scoped to global rows.

Trait Implementations§

Source§

impl Clone for RlsContext

Source§

fn clone(&self) -> RlsContext

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RlsContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Display for RlsContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Eq for RlsContext

Source§

impl PartialEq for RlsContext

Source§

fn eq(&self, other: &RlsContext) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl StructuralPartialEq for RlsContext

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> ColumnValue<Value> for T

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more