surrealdb_core/iam/
mod.rs1use cedar_policy::Context;
2pub use entities::Level;
3use thiserror::Error;
4
5pub mod access;
6pub mod auth;
7pub mod base;
8pub mod check;
9pub mod clear;
10pub mod entities;
11pub(crate) mod file;
12pub mod issue;
13#[cfg(feature = "jwks")]
14pub mod jwks;
15pub mod policies;
16pub mod reset;
17pub mod signin;
18pub mod signup;
19pub mod token;
20pub mod verify;
21
22pub use self::auth::*;
23pub use self::entities::*;
24
/// Errors defined by this module.
#[derive(Error, Debug)]
#[non_exhaustive]
pub enum Error {
    /// Carries the role string that is interpolated into the message.
    #[error("Invalid role '{0}'")]
    InvalidRole(String),

    /// An authorization check did not allow the request.
    ///
    /// The `Display` message is a fixed string that interpolates none of the
    /// fields below, so they are reachable only through `Debug` or by
    /// matching on the variant.
    #[error("Not enough permissions to perform this action")]
    NotAllowed {
        // String form of the actor that made the request.
        actor: String,
        // String form of the action that was attempted.
        action: String,
        // String form of the resource the action targeted.
        resource: String,
    },
}
38
/// Converts an [`Error`] into its `Display` text.
///
/// For `Error::NotAllowed` that text is the fixed message only; the actor,
/// action and resource fields are not part of the resulting string.
impl From<Error> for String {
    fn from(error: Error) -> Self {
        ToString::to_string(&error)
    }
}
44
/// Checks whether `actor` may perform `action` on `resource`.
///
/// The decision is delegated to [`policies::is_allowed`]. When `ctx` is
/// `None`, an empty Cedar [`Context`] is passed instead. Only the boolean in
/// the first position of the returned tuple is consulted, and anything other
/// than `true` is treated as a denial.
///
/// # Errors
///
/// Returns [`Error::NotAllowed`] holding the string forms of the actor,
/// action and resource when the request is not allowed.
pub fn is_allowed(
    actor: &Actor,
    action: &Action,
    resource: &Resource,
    ctx: Option<Context>,
) -> Result<(), Error> {
    let context = ctx.unwrap_or_else(Context::empty);
    // The second tuple element is discarded; only the allow/deny flag is used.
    let permitted = policies::is_allowed(actor, action, resource, context).0;
    if permitted {
        return Ok(());
    }

    let denied = Error::NotAllowed {
        actor: actor.to_string(),
        action: action.to_string(),
        resource: format!("{}", resource),
    };

    // `{}` renders the fixed `Display` message of `NotAllowed`, so this trace
    // line does not name the actor, action or resource. Those values travel
    // only inside the returned error.
    trace!("{}", denied);
    Err(denied)
}