Expand description
Role-based access control for the admin UI (0.10+).
Four built-in roles map to a per-model permission matrix over four actions. The matrix is hardcoded at this stage; DB-backed per-(role, model) overrides are a future extension.
This module is self-contained at stage 3 — no middleware or handler consumes it yet. Stage 4 wires it into the admin request path and the template context.
§Source of role data
Roles are stored as strings in the existing rustio_users.role
column. No schema migration is required. Role::from_role_string
resolves the column value to a typed Role; unknown / empty values
resolve to None, meaning no admin access at all — the caller is
expected to 403 in that case.
§Backward compatibility with the role column
Pre-0.10 only "admin" and "user" were recognised.
"admin"→Role::SuperAdmin. The legacy admin tier had unrestricted power; resolving it to SuperAdmin preserves that. Projects that want the restricted-admin tier introduced in 0.10.0 should store"restricted_admin"."user", empty, unknown →None. Pre-0.10 these users had no admin access; they continue to have none.
§Permission matrix (defaults)
“System table” = any table whose name begins with rustio_ (the
framework’s own rustio_users, rustio_sessions,
rustio_admin_actions, etc.).
| role | system tables | app tables |
|---|---|---|
| SuperAdmin | view/create/edit/delete | view/create/edit/delete |
| Admin | view | view/create/edit/delete |
| Editor | view | view/create/edit |
| Viewer | view | view |
Structs§
- Permission
Set - Boolean flags for the four actions on a single model. Passed into the template context so the UI can hide or disable controls the user can’t use. Also consulted by handlers before they act.
Enums§
- Permission
- The four actions a permission gates. Mapped one-to-one to the
fields of
PermissionSet; kept as a typed enum so handlers canrbac::require(ctx, "posts", Permission::Delete)?without stringly typing. - Role
- Framework-owned roles.
#[non_exhaustive]because we may introduce additional built-in tiers (e.g.Auditor) in a minor release; downstream code must not rely on exhaustive matching.
Functions§
- is_
system_ table - Framework tables use the
rustio_prefix. Project tables never should — this is a contract the migration generator enforces. We treat the prefix as authoritative here; projects that smugglerustio_-prefixed tables into their schema get the restrictive matrix, which is the safe default.