scim_server/resource/
tenant.rs

1//! Tenant-related types for multi-tenant SCIM operations.
2//!
3//! This module contains the fundamental data structures for managing tenant
4//! contexts, permissions, and isolation levels in multi-tenant environments.
5
6use serde::{Deserialize, Serialize};
7
8/// Tenant isolation level configuration
9#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
10pub enum IsolationLevel {
11    /// Strict isolation - complete separation of tenant data
12    Strict,
13    /// Standard isolation - shared infrastructure with data separation
14    Standard,
15    /// Shared resources - some resources may be shared between tenants
16    Shared,
17}
18
19impl Default for IsolationLevel {
20    fn default() -> Self {
21        IsolationLevel::Standard
22    }
23}
24
25/// Tenant-specific permissions for resource operations
26#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
27pub struct TenantPermissions {
28    pub can_create: bool,
29    pub can_read: bool,
30    pub can_update: bool,
31    pub can_delete: bool,
32    pub can_list: bool,
33    pub max_users: Option<usize>,
34    pub max_groups: Option<usize>,
35}
36
37impl Default for TenantPermissions {
38    fn default() -> Self {
39        Self {
40            can_create: true,
41            can_read: true,
42            can_update: true,
43            can_delete: true,
44            can_list: true,
45            max_users: None,
46            max_groups: None,
47        }
48    }
49}
50
51/// Tenant context for multi-tenant operations
52#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
53pub struct TenantContext {
54    pub tenant_id: String,
55    pub client_id: String,
56    pub isolation_level: IsolationLevel,
57    pub permissions: TenantPermissions,
58}
59
60impl TenantContext {
61    /// Create a new tenant context with default permissions
62    pub fn new(tenant_id: String, client_id: String) -> Self {
63        Self {
64            tenant_id,
65            client_id,
66            isolation_level: IsolationLevel::default(),
67            permissions: TenantPermissions::default(),
68        }
69    }
70
71    /// Create a tenant context with custom isolation level
72    pub fn with_isolation_level(mut self, level: IsolationLevel) -> Self {
73        self.isolation_level = level;
74        self
75    }
76
77    /// Create a tenant context with custom permissions
78    pub fn with_permissions(mut self, permissions: TenantPermissions) -> Self {
79        self.permissions = permissions;
80        self
81    }
82
83    /// Check if the tenant has permission for a specific operation
84    pub fn can_perform_operation(&self, operation: &str) -> bool {
85        match operation {
86            "create" => self.permissions.can_create,
87            "read" => self.permissions.can_read,
88            "update" => self.permissions.can_update,
89            "delete" => self.permissions.can_delete,
90            "list" => self.permissions.can_list,
91            _ => false,
92        }
93    }
94
95    /// Check if tenant has reached user limit
96    pub fn check_user_limit(&self, current_count: usize) -> bool {
97        match self.permissions.max_users {
98            Some(limit) => current_count < limit,
99            None => true,
100        }
101    }
102
103    /// Check if tenant has reached group limit
104    pub fn check_group_limit(&self, current_count: usize) -> bool {
105        match self.permissions.max_groups {
106            Some(limit) => current_count < limit,
107            None => true,
108        }
109    }
110}