pub struct CommunityRoles {
pub roles: Vec<Role>,
pub grants: Vec<MemberGrant>,
}Expand description
The role graph a client AGGREGATES from the fetched per-entity events (RoleMetadata + per-member Grant). Not an on-wire document — the enforcement engine queries this.
Fields§
§roles: Vec<Role>§grants: Vec<MemberGrant>Implementations§
Source§impl CommunityRoles
impl CommunityRoles
Sourcepub fn roles_of<'a>(
&'a self,
member_hex: &'a str,
) -> impl Iterator<Item = &'a Role> + 'a
pub fn roles_of<'a>( &'a self, member_hex: &'a str, ) -> impl Iterator<Item = &'a Role> + 'a
The roles granted to member_hex (resolved through the grant list).
Sourcepub fn effective_permissions(&self, member_hex: &str) -> Permissions
pub fn effective_permissions(&self, member_hex: &str) -> Permissions
Effective permissions for a member = union of their granted roles’ bits.
Sourcepub fn has_permission(&self, member_hex: &str, bits: u64) -> bool
pub fn has_permission(&self, member_hex: &str, bits: u64) -> bool
True iff the member’s effective permissions include every bit in bits.
Sourcepub fn highest_position(&self, member_hex: &str) -> Option<u32>
pub fn highest_position(&self, member_hex: &str) -> Option<u32>
Highest authority (lowest position index) among the member’s roles; None if
they hold no role. The owner (implicit position 0) is handled by the caller.
Sourcepub fn is_privileged(&self, member_hex: &str) -> bool
pub fn is_privileged(&self, member_hex: &str) -> bool
True iff the member holds at least one role (i.e. is privileged below the owner).
Sourcepub fn is_admin(&self, member_hex: &str) -> bool
pub fn is_admin(&self, member_hex: &str) -> bool
True iff the member holds a role with management permissions — an “admin” (vs. a member who holds only a non-management/social role). Drives the member-list crown.
Is actor_hex authorized for an action requiring permission? The owner (the
proven owner npub, if known) is supreme and always authorized; otherwise the actor must hold
a role granting permission. This is the grant-set check the inner-author-proof gates on: a
demoted member is no longer in the grant set, so their actions stop being honored.
Sourcepub fn can_manage_position(
&self,
actor_hex: &str,
owner_hex: Option<&str>,
target_position: u32,
) -> bool
pub fn can_manage_position( &self, actor_hex: &str, owner_hex: Option<&str>, target_position: u32, ) -> bool
escalation defense — may actor_hex manage something sitting at target_position
(grant/revoke/edit/reorder a role)? The actor must strictly outrank it (their highest
authority is a lower position number) AND hold MANAGE_ROLES. The owner is supreme
(implicit position 0, above every role) and always may. Equal cannot act on equal: an admin
can never grant/revoke a peer admin at the same position — only someone strictly above can.
This is what stops an admin granting the Admin role (pos == pos, refused) while still
letting them manage any role beneath them.
Sourcepub fn can_manage_member(
&self,
actor_hex: &str,
owner_hex: Option<&str>,
target_hex: &str,
) -> bool
pub fn can_manage_member( &self, actor_hex: &str, owner_hex: Option<&str>, target_hex: &str, ) -> bool
May actor_hex act on MEMBER target_hex for a role change (add/remove a role)? Resolves the
target’s highest authority and applies the MANAGE_ROLES position rule. The owner is never a
valid target (supreme, unremovable — the sole hardcoded exception).
Sourcepub fn outranks(
&self,
actor_hex: &str,
owner_hex: Option<&str>,
target_position: u32,
) -> bool
pub fn outranks( &self, actor_hex: &str, owner_hex: Option<&str>, target_position: u32, ) -> bool
The pure position test (no permission bit): does actor_hex strictly outrank
target_position? The owner (implicit position 0) outranks everything; a roleless actor
outranks nothing. This is the position half of every authority check — callers AND it with the
specific permission the action needs (BAN, MANAGE_MESSAGES, MANAGE_ROLES, …).
Sourcepub fn can_act_on_position(
&self,
actor_hex: &str,
owner_hex: Option<&str>,
target_position: u32,
permission: u64,
) -> bool
pub fn can_act_on_position( &self, actor_hex: &str, owner_hex: Option<&str>, target_position: u32, permission: u64, ) -> bool
Generalized authority test: may actor_hex perform an action requiring permission against a
target at target_position? Owner is supreme; otherwise the actor must hold permission AND
strictly outrank the target. (can_manage_position is this with MANAGE_ROLES; bans pass
BAN, moderation-hides pass MANAGE_MESSAGES.)
Sourcepub fn can_act_on_member(
&self,
actor_hex: &str,
owner_hex: Option<&str>,
target_hex: &str,
permission: u64,
) -> bool
pub fn can_act_on_member( &self, actor_hex: &str, owner_hex: Option<&str>, target_hex: &str, permission: u64, ) -> bool
Generalized member-targeting authority test (ban / kick / hide / role-change). The owner is
never a valid target; a roleless member sits below everyone. The actor needs permission
plus a strict outrank of the target’s highest role.
Trait Implementations§
Source§impl Clone for CommunityRoles
impl Clone for CommunityRoles
Source§fn clone(&self) -> CommunityRoles
fn clone(&self) -> CommunityRoles
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for CommunityRoles
impl Debug for CommunityRoles
Source§impl Default for CommunityRoles
impl Default for CommunityRoles
Source§fn default() -> CommunityRoles
fn default() -> CommunityRoles
Source§impl<'de> Deserialize<'de> for CommunityRoles
impl<'de> Deserialize<'de> for CommunityRoles
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
impl Eq for CommunityRoles
Source§impl PartialEq for CommunityRoles
impl PartialEq for CommunityRoles
Source§impl Serialize for CommunityRoles
impl Serialize for CommunityRoles
impl StructuralPartialEq for CommunityRoles
Auto Trait Implementations§
impl Freeze for CommunityRoles
impl RefUnwindSafe for CommunityRoles
impl Send for CommunityRoles
impl Sync for CommunityRoles
impl Unpin for CommunityRoles
impl UnsafeUnpin for CommunityRoles
impl UnwindSafe for CommunityRoles
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more