Skip to main content

AbacEngine

vellaveto_engine::abac

Struct AbacEngine 

Source 
pub struct AbacEngine { /* private fields */ }
Expand description

The ABAC policy evaluation engine.

Compiles policies at construction time and evaluates them with forbid-overrides semantics (any matching forbid wins over all permits).

Implementations§

Source§

impl AbacEngine

Source

pub fn new( policies: &[AbacPolicy], entities: &[AbacEntity], ) -> Result<Self, String>

Create an ABAC engine from policies and entities.

Compiles all policies and builds the entity store. Returns an error if any policy pattern is invalid or entity bounds are exceeded.

Source

pub fn evaluate( &self, action: &Action, ctx: &AbacEvalContext<'_>, ) -> AbacDecision

Evaluate an action against all ABAC policies.

Uses forbid-overrides semantics:

  1. Collect matching policies (principal + action + resource + conditions)
  2. If any matching policy is Forbid → Deny
  3. If any matching policy is Permit (and no Forbid) → Allow
  4. If nothing matches → NoMatch (caller decides)
Source

pub fn entity_store(&self) -> &EntityStore

Get a reference to the entity store.

Source

pub fn find_conflicts(&self) -> Vec<AbacConflict>

Detect conflicts where permit and forbid policies overlap.

Source

pub fn policy_count(&self) -> usize

Return the number of compiled policies.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more