Skip to main content

wasm_dbms_memory/acl/
no_acl.rs

1// Rust guideline compliant 2026-04-27
2// X-WHERE-CLAUSE, M-PUBLIC-DEBUG, M-CANONICAL-DOCS
3
4//! ACL provider that grants every operation unconditionally.
5
6use wasm_dbms_api::prelude::{
7    IdentityPerms, MemoryResult, PermGrant, PermRevoke, TableFingerprint, TablePerms,
8};
9
10use super::traits::AccessControl;
11use crate::{MemoryManager, MemoryProvider};
12
13/// ACL provider that grants every operation unconditionally.
14///
15/// Use this for runtimes that handle authorization externally
16/// or do not need access control.
17#[derive(Default, Debug, Clone, PartialEq, Eq)]
18pub struct NoAccessControl;
19
20impl AccessControl for NoAccessControl {
21    type Id = ();
22
23    fn load<M>(_mm: &mut MemoryManager<M>) -> MemoryResult<Self>
24    where
25        M: MemoryProvider,
26    {
27        Ok(Self)
28    }
29
30    fn granted(&self, _: &Self::Id, _: TableFingerprint, _: TablePerms) -> bool {
31        true
32    }
33
34    fn granted_admin(&self, _: &Self::Id) -> bool {
35        true
36    }
37
38    fn granted_manage_acl(&self, _: &Self::Id) -> bool {
39        true
40    }
41
42    fn granted_migrate(&self, _: &Self::Id) -> bool {
43        true
44    }
45
46    fn grant<M>(&mut self, _: Self::Id, _: PermGrant, _: &mut MemoryManager<M>) -> MemoryResult<()>
47    where
48        M: MemoryProvider,
49    {
50        Ok(())
51    }
52
53    fn revoke<M>(
54        &mut self,
55        _: &Self::Id,
56        _: PermRevoke,
57        _: &mut MemoryManager<M>,
58    ) -> MemoryResult<()>
59    where
60        M: MemoryProvider,
61    {
62        Ok(())
63    }
64
65    fn remove_identity<M>(&mut self, _: &Self::Id, _: &mut MemoryManager<M>) -> MemoryResult<()>
66    where
67        M: MemoryProvider,
68    {
69        Ok(())
70    }
71
72    fn perms(&self, _: &Self::Id) -> IdentityPerms {
73        IdentityPerms::fully_permissive()
74    }
75
76    fn identities(&self) -> Vec<(Self::Id, IdentityPerms)> {
77        vec![]
78    }
79}
80
81#[cfg(test)]
82mod tests {
83    use wasm_dbms_api::prelude::fingerprint_for_name;
84
85    use super::*;
86    use crate::HeapMemoryProvider;
87
88    fn fp(name: &str) -> TableFingerprint {
89        fingerprint_for_name(name)
90    }
91
92    #[test]
93    fn test_grants_everything() {
94        let acl = NoAccessControl;
95        assert!(acl.granted(&(), fp("users"), TablePerms::all()));
96        assert!(acl.granted_admin(&()));
97        assert!(acl.granted_manage_acl(&()));
98        assert!(acl.granted_migrate(&()));
99    }
100
101    #[test]
102    fn test_mutations_are_noops() {
103        let mut mm = MemoryManager::init(HeapMemoryProvider::default());
104        let mut acl = NoAccessControl;
105        acl.grant((), PermGrant::Admin, &mut mm).unwrap();
106        acl.revoke(&(), PermRevoke::Admin, &mut mm).unwrap();
107        acl.remove_identity(&(), &mut mm).unwrap();
108        assert!(acl.identities().is_empty());
109    }
110
111    #[test]
112    fn test_perms_are_fully_permissive() {
113        let acl = NoAccessControl;
114        assert_eq!(acl.perms(&()), IdentityPerms::fully_permissive());
115    }
116}