Trait AccessControl 

pub trait AccessControl: Default {
    type Id;

    // Required methods
    fn load<M>(mm: &mut MemoryManager<M>) -> MemoryResult<Self>
       where M: MemoryProvider,
             Self: Sized;
    fn granted(
        &self,
        id: &Self::Id,
        table: TableFingerprint,
        perm: TablePerms,
    ) -> bool;
    fn granted_admin(&self, id: &Self::Id) -> bool;
    fn granted_manage_acl(&self, id: &Self::Id) -> bool;
    fn granted_migrate(&self, id: &Self::Id) -> bool;
    fn grant<M>(
        &mut self,
        id: Self::Id,
        grant: PermGrant,
        mm: &mut MemoryManager<M>,
    ) -> MemoryResult<()>
       where M: MemoryProvider;
    fn revoke<M>(
        &mut self,
        id: &Self::Id,
        revoke: PermRevoke,
        mm: &mut MemoryManager<M>,
    ) -> MemoryResult<()>
       where M: MemoryProvider;
    fn remove_identity<M>(
        &mut self,
        id: &Self::Id,
        mm: &mut MemoryManager<M>,
    ) -> MemoryResult<()>
       where M: MemoryProvider;
    fn perms(&self, id: &Self::Id) -> IdentityPerms;
    fn identities(&self) -> Vec<(Self::Id, IdentityPerms)>;
}

Trait for granular access-control providers.

Implementations gate every CRUD-relevant operation through granted* predicates. Mutations persist via mm.

The Id associated type lets runtimes use native identity representations (Vec<u8> for the generic layer, Principal for the IC adapter, () for the no-op provider).

Required Associated Types

type Id

Native identity type used by this provider.

Required Methods

fn load<M>(mm: &mut MemoryManager<M>) -> MemoryResult<Self>

where M: MemoryProvider, Self: Sized,

Loads ACL state from persisted memory.

fn granted( &self, id: &Self::Id, table: TableFingerprint, perm: TablePerms, ) -> bool

Returns whether id is granted perm on table.

fn granted_admin(&self, id: &Self::Id) -> bool

Returns whether id carries the admin bypass flag.

fn granted_manage_acl(&self, id: &Self::Id) -> bool

Returns whether id carries the manage_acl flag.

fn granted_migrate(&self, id: &Self::Id) -> bool

Returns whether id carries the migrate flag.

fn grant<M>( &mut self, id: Self::Id, grant: PermGrant, mm: &mut MemoryManager<M>, ) -> MemoryResult<()>

where M: MemoryProvider,

Applies a grant to id, creating the entry if missing.

fn revoke<M>( &mut self, id: &Self::Id, revoke: PermRevoke, mm: &mut MemoryManager<M>, ) -> MemoryResult<()>

where M: MemoryProvider,

Applies a revoke to id. No-op if id is not present.

fn remove_identity<M>( &mut self, id: &Self::Id, mm: &mut MemoryManager<M>, ) -> MemoryResult<()>

where M: MemoryProvider,

Removes id entirely from the ACL.

fn perms(&self, id: &Self::Id) -> IdentityPerms

Returns the IdentityPerms currently held by id, or the default (no perms) if id is unknown.

fn identities(&self) -> Vec<(Self::Id, IdentityPerms)>

Returns every identity in the ACL together with its perms.

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors

impl AccessControl for AccessControlList

type Id = Vec<u8>

impl AccessControl for NoAccessControl

type Id = ()