Module auth 

Authentication & authorization.

Three pieces:

• users.rs — user records, password hashing, login/logout
• sessions.rs — DB-backed sessions with expiry cleanup
• permissions.rs — granular permissions + groups + the authorize! check used throughout the admin

A user belongs to zero or more groups. Permissions come from two sources: (a) direct assignments on the user, (b) inherited from the user’s groups. The permission string is "<app>.<action>_<model>" — e.g. "posts.change_post".

Structs

Identity

The identity attached to a request by the auth middleware. Kept cheap to clone because we pass it into handler bodies.

Permission

StoredUser

Superuser

Marker type used by the authorize! macro for fast-paths on admins.

Enums

PermissionError

Role

Constants

SESSION_COOKIE

The cookie name we look for and set. Constant so middleware and handlers stay in sync.

Functions

add_user_to_group

bootstrap_default_groups

Insert each default group with ON CONFLICT (name) DO NOTHING. Idempotent across restarts and against admin-created groups — duplicates by name simply skip without bumping any state.

bootstrap_demo_users

Phase 7a/0.5/d — gated by RUSTIO_DEMO_MODE=1. Inserts the five demo users keyed off branding.domain (e.g. staff@rustio.local) and attaches each to the matching default groups (which must already exist; call bootstrap_default_groups + lazy_attach_* first). Idempotent via the demo-count gate: re-running on a DB that already has demo users is a no-op. Real users coexist — the gate counts only is_demo = TRUE rows.

check_permission

Ask “does this identity have permission X?”.

create_group

create_session

create_user

delete_session

find_user_by_email

grant_to_group

grant_to_user

hash_password

identity_from_session

init_permission_tables

init_session_tables

init_tables

Initialise every auth-related table. Safe to call on every boot.

init_user_tables

lazy_attach_permissions

For each default group, attach the permissions it can resolve from the currently-registered models. All(&[…]) becomes one perm per non-core entry; Specific(&[…]) becomes one perm per matching entry (skipping un-registered models silently).

login

Verify credentials and create a session. Returns the session token to set in the cookie. A deliberately vague error on failure — we don’t want to leak whether the email was valid.

migrate_user_schema

Idempotent schema upgrade for the 5-tier role hierarchy + demo flag.

permissions_for_user

All permission names belonging to the given user — direct + via groups — unioned into one set. Cached for 60s.

purge_expired_sessions

Delete all expired sessions. Intended to be called periodically from a background task (see background::spawn_session_sweeper).

register_model_permissions

For an admin model named posts, register the canonical four permissions: add_post, change_post, delete_post, view_post. Idempotent.

remove_user_from_group

session_token_from_cookie

set_password

update_user_role

verify_password

would_orphan_developers

Phase 7a/0.5/f — would the proposed change leave the system with zero active Developers?