
systemprompt_security/authz/types/
rule.rs

1use serde::{Deserialize, Serialize};
2use systemprompt_identifiers::RuleId;
3
4use super::kinds::{Access, EntityKind, RuleType};
5
/// One access-control rule: a typed match value paired with an [`Access`]
/// outcome.
///
/// The `sqlx::FromRow` derive lets a rule be built directly from a database
/// row, and the serde derives let it be read from and written to serialized
/// form, so a rule can enter the process from either path.
///
/// NOTE(review): nothing in this type checks that `rule_value` is well-formed
/// for its `rule_type`; confirm that rules are validated after loading and
/// before they are evaluated.
///
/// NOTE(review): `#[serde(deny_unknown_fields)]` is not set, so a misspelt
/// optional key such as `justification` is dropped silently on
/// deserialization instead of being rejected.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, sqlx::FromRow)]
pub struct AccessRule {
    /// Identifier of this rule.
    pub id: RuleId,
    /// Kind of rule; presumably selects how `rule_value` is interpreted —
    /// confirm against [`RuleType`].
    pub rule_type: RuleType,
    /// Value the rule applies to. It is a plain `String`; its format is not
    /// constrained by this type.
    pub rule_value: String,
    /// Access outcome carried by the rule; see [`Access`].
    pub access: Access,
    /// Optional justification text recorded with the rule. A missing key
    /// deserializes to `None`, and `None` is omitted from serialized output,
    /// so rules without a recorded rationale are accepted by this type.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub justification: Option<String>,
}
15
/// One row from `access_control_entities`.
///
/// The `source` provenance string identifies which loader pass first
/// registered the entity: `"profile:<name>"`, `"roles.yaml"`, or
/// `"bootstrap:*"` for rows promoted from older schemas by a migration.
///
/// A `None` lookup result means the entity is unknown to access control and
/// the resolver returns [`super::decision::DenyReason::UnknownEntity`] rather
/// than the generic `NotAssigned`.
///
/// NOTE(review): unlike `AccessRule`, this type does not derive
/// `sqlx::FromRow`, so the mapping from the table to this struct is done
/// somewhere not shown here.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct EntityRow {
    /// Kind of entity this row describes; see [`EntityKind`].
    pub kind: EntityKind,
    /// Entity identifier, a plain `String` here.
    /// NOTE(review): presumably unique per `kind` — confirm against the
    /// table's key.
    pub id: String,
    /// NOTE(review): looks like this marks the entity as included by default
    /// when no rule assigns it — confirm. If so, `true` behaves as a
    /// default-allow and rows that set it deserve explicit review.
    pub default_included: bool,
    /// Provenance label in one of the forms listed above. The field is an
    /// unconstrained `String`, so nothing in this type enforces those forms;
    /// treat it as an audit label unless it is validated elsewhere.
    pub source: String,
}