role_system::core

Struct RoleSystem

Source 
pub struct RoleSystem<S = MemoryStorage>
where
    S: Storage,
{ /* private fields */ }
Expand description

The main role-based access control system.

Implementations§

Source§

impl RoleSystem<MemoryStorage>

Source

pub fn new() -> Self

Create a new role system with default configuration and memory storage.

Source

pub fn with_config(config: RoleSystemConfig) -> Self

Create a new role system with custom configuration and memory storage.

Source§

impl<S> RoleSystem<S>
where S: Storage,

Source

pub fn with_storage(storage: S, config: RoleSystemConfig) -> Self

Create a new role system with custom storage.

Source

pub fn register_role(&mut self, role: Role) -> Result<()>

Register a new role in the system.

Source

pub fn get_role(&self, name: &str) -> Result<Option<Role>>

Get a role by name.

Source

pub fn update_role(&mut self, role: Role) -> Result<()>

Update an existing role.

Source

pub fn add_role_inheritance(&mut self, child: &str, parent: &str) -> Result<()>

Add role inheritance (child inherits from parent).

Source

pub fn remove_role_inheritance( &mut self, child: &str, parent: &str, ) -> Result<()>

Remove role inheritance.

Source

pub fn assign_role(&mut self, subject: &Subject, role_name: &str) -> Result<()>

Assign a role to a subject.

Source

pub fn remove_role(&mut self, subject: &Subject, role_name: &str) -> Result<()>

Remove a role from a subject.

Source

pub fn elevate_role( &mut self, subject: &Subject, role_name: &str, duration: Option<Duration>, ) -> Result<()>

Temporarily elevate a subject’s role.

Source

pub fn check_permission( &self, subject: &Subject, action: &str, resource: &Resource, ) -> Result<bool>

Check if a subject has a specific permission on a resource.

Source

pub fn check_permission_with_context( &self, subject: &Subject, action: &str, resource: &Resource, context: &HashMap<String, String>, ) -> Result<bool>

Check permission with additional context.

Source

pub fn get_subject_roles(&self, subject: &Subject) -> Result<HashSet<String>>

Get all roles assigned to a subject (including inherited roles).

Source

pub fn create_standard_roles(&mut self) -> Result<()>

Creates standard roles commonly used in applications.

This method creates the following roles:

  • admin: Full system access
  • editor: Create and edit content
  • viewer: Read-only access
  • guest: Limited read access
Source

pub fn create_application_roles( &mut self, app_type: ApplicationType, ) -> Result<()>

Creates roles appropriate for specific application types.

Source§

impl<S: Storage> RoleSystem<S>

Source

pub fn storage(&self) -> &S

Get access to the internal storage backend (for query operations).

Source

pub fn subject_roles(&self) -> &DashMap<String, HashSet<String>>

Get access to the subject roles mapping (for query operations).

Source

pub fn role_hierarchy(&self) -> &DashMap<String, HashSet<String>>

Get access to the role hierarchy mapping (for query operations).

Source

pub fn config(&self) -> &RoleSystemConfig

Get access to the configuration (for query operations).

Source§

impl<S: Storage> RoleSystem<S>

Source

pub fn assign_roles<I>(&mut self, subject: &Subject, roles: I) -> Result<()>
where I: IntoIterator, I::Item: AsRef<str>,

Assign multiple roles to a subject in a single operation.

Source

pub fn remove_roles<I>(&mut self, subject: &Subject, roles: I) -> Result<()>
where I: IntoIterator, I::Item: AsRef<str>,

Remove multiple roles from a subject in a single operation.

Source

pub fn check_permissions_batch( &self, subject: &Subject, permissions: &[(&str, &Resource)], ) -> Result<Vec<(String, String, bool)>>

Check multiple permissions for a subject in a single operation.

Source

pub fn bulk_assign_roles( &mut self, assignments: &[(Subject, Vec<String>)], ) -> Result<Vec<Result<()>>>

Bulk role assignment with validation.

Source

pub fn get_permission_summary( &self, subject: &Subject, ) -> Result<PermissionSummary>

Get detailed permission summary for a subject.

Source§

impl<S: Storage> RoleSystem<S>

Health check extension for RoleSystem.

Source

pub fn health_check(&self) -> HealthReport

Perform a health check on the role system.

Source

pub fn health_check_with_config( &self, config: HealthCheckConfig, ) -> HealthReport

Perform a health check with custom configuration.

Source

pub fn is_healthy(&self) -> bool

Get a simple health status (useful for load balancer health checks).

Trait Implementations§

Source§

impl BatchOperations for RoleSystem

Source§

fn batch_check_permissions( &self, checks: Vec<BatchPermissionCheck>, ) -> Result<BatchResult<bool>, Error>

Perform batch permission checks
Source§

fn batch_role_operations( &mut self, operations: Vec<BatchRoleAssignment>, ) -> Result<BatchResult<()>, Error>

Perform batch role assignments and revocations (requires mutable access)
Source§

impl<S, T> ContextualPermissions<T> for RoleSystem<S>
where S: Storage, T: AuthenticationContext,

Source§

fn check_contextual_permission( &self, context: &T, action: &str, resource: &Resource, _additional_context: Option<HashMap<String, String>>, ) -> Result<bool>

Check permission using an authentication context.

This method combines role-based permissions with any scopes/permissions granted directly by the authentication context (e.g., JWT token scopes).

§Arguments
  • context - The authentication context to use
  • action - The action to check permission for
  • resource - The resource to check permission for
  • additional_context - Additional context values for conditional permissions
§Returns

true if permission is granted, false otherwise

Source§

fn check_scope_permission( &self, context: &T, required_scopes: &[String], ) -> Result<bool>

Check permission against a list of required scopes.

This is useful for API endpoints that require specific scopes.

§Arguments
  • context - The authentication context to use
  • required_scopes - List of required scopes (any match grants permission)
§Returns

true if any required scope is granted, false otherwise

Source§

impl<S> Default for RoleSystem<S>
where S: Storage + Default,

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<S> MetricsProvider for RoleSystem<S>
where S: Storage,

Source§

fn metrics(&self) -> &RoleSystemMetrics

Get the metrics instance.
Source§

fn start_timer(&self, operation: &str) -> MetricsTimer

Start a timer for an operation.
Source§

impl<S: Storage> RoleSystemQuery<S> for RoleSystem<S>

Source§

fn query(&self) -> RoleQuery<'_, S>

Get a query interface for this role system.

Auto Trait Implementations§

§

impl<S> Freeze for RoleSystem<S>
where S: Freeze,

§

impl<S = MemoryStorage> !RefUnwindSafe for RoleSystem<S>

§

impl<S> Send for RoleSystem<S>

§

impl<S> Sync for RoleSystem<S>

§

impl<S> Unpin for RoleSystem<S>
where S: Unpin,

§

impl<S = MemoryStorage> !UnwindSafe for RoleSystem<S>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.