Skip to main content

Account

webgates_core::accounts

Struct Account 

Source 
pub struct Account<R, G>
where
    R: AccessHierarchy + Eq,
    G: Eq + Clone,
{
    pub account_id: Uuid,
    pub user_id: String,
    pub roles: Vec<R>,
    pub groups: Vec<G>,
    pub permissions: Permissions,
}
Expand description

Authorization-relevant information about a user or principal.

Account is the main input to authorization checks in webgates-core. It stores the user identity plus the roles, groups, and direct permissions that a policy may evaluate.

In most applications, you create or load an account during authentication, then pass it into an authorization service when a protected operation is requested.

§Creating Accounts

use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::permissions::Permissions;
use webgates_core::roles::Role;

let account = Account::<Role, Group>::new("user123");

let permissions: Permissions = ["read:profile", "write:profile"].into_iter().collect();
let account = Account::<Role, Group>::new("admin@example.com")
    .with_roles(vec![Role::Admin])
    .with_groups(vec![Group::new("staff")])
    .with_permissions(permissions);

§Working with Permissions

account.grant_permission("read:api");
account.grant_permission(PermissionId::from("write:api"));

if account.permissions.has("read:api") {
    println!("User can read API");
}

account.revoke_permission("write:api");

Fields§

§account_id: Uuid

Stable unique identifier for the account.

This UUID is generated when the account is created. Applications can use it as the durable internal identifier that links account state to other records such as credentials, profiles, or repository entries.

§user_id: String

Application-level user identifier, such as an email address or username.

This is typically the identifier a person uses to log in and the one your application uses to look up the account.

§roles: Vec<R>

Roles assigned to this account.

Roles usually represent broad privilege levels such as user, moderator, or admin. When the role type implements AccessHierarchy, higher roles can satisfy lower-role requirements when a policy allows supervisor access.

§groups: Vec<G>

Groups this account belongs to.

Groups model exact membership such as departments, tenants, project teams, or support rotations.

§permissions: Permissions

Directly granted permissions for this account.

Use direct permissions when roles or groups are too broad and you need feature-level or action-level access control.

Implementations§

Source§

impl<R, G> Account<R, G>
where R: AccessHierarchy + Eq + Clone + Default, G: Eq + Clone,

Source

pub fn new(user_id: &str) -> Self

Creates a new account for the given user identifier.

A fresh UUID is generated automatically. The new account starts with:

  • the default role for R
  • no groups
  • no direct permissions

With the built-in crate::roles::Role type, the default role is Role::User.

§Parameters
  • user_id: Unique identifier for the user, such as an email or username.
§Examples
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let account = Account::<Role, Group>::new("user@example.com");

assert_eq!(account.user_id, "user@example.com");
assert_eq!(account.roles, vec![Role::User]);
assert!(account.groups.is_empty());
Source

pub fn with_roles(self, roles: Vec<R>) -> Self

Returns this account with the provided roles.

This is useful when building an account that should not keep the single default role assigned by Self::new.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let account = Account::<Role, Group>::new("user@example.com")
    .with_roles(vec![Role::Admin]);

assert!(account.has_role(&Role::Admin));
assert!(!account.has_role(&Role::User));
Source

pub fn with_groups(self, groups: Vec<G>) -> Self

Returns this account with the provided groups.

This is useful when building an account with initial group membership.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let account = Account::<Role, Group>::new("user@example.com")
    .with_groups(vec![Group::new("engineering")]);

assert!(account.is_member_of(&Group::new("engineering")));
assert!(!account.is_member_of(&Group::new("marketing")));
Source

pub fn with_permissions(self, permissions: Permissions) -> Self

Returns this account with the provided direct permissions.

This is useful when building an account that starts with a known permission set.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::permissions::Permissions;
use webgates_core::roles::Role;

let permissions: Permissions = ["read:profile", "write:profile"].into_iter().collect();
let account = Account::<Role, Group>::new("user@example.com")
    .with_permissions(permissions);
Source

pub fn grant_permission<P>(&mut self, permission: P)
where P: Into<PermissionId>,

Grants a direct permission to this account.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::permissions::permission_id::PermissionId;
use webgates_core::roles::Role;

let mut account = Account::<Role, Group>::new("user");
account.grant_permission("read:profile");
account.grant_permission(PermissionId::from("write:profile"));
Source

pub fn revoke_permission<P>(&mut self, permission: P)
where P: Into<PermissionId>,

Revokes a direct permission from this account.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::permissions::permission_id::PermissionId;
use webgates_core::roles::Role;

let mut account = Account::<Role, Group>::new("user");
account.grant_permission("write:profile");
account.revoke_permission(PermissionId::from("write:profile"));
Source

pub fn has_role(&self, role: &R) -> bool

Returns true when this account has the given role.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let account = Account::<Role, Group>::new("user@example.com");

assert!(account.has_role(&Role::User));
assert!(!account.has_role(&Role::Admin));
Source

pub fn is_member_of(&self, group: &G) -> bool

Returns true when this account belongs to the given group.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let mut account = Account::<Role, Group>::new("user@example.com");
account.groups.push(Group::new("engineering"));

assert!(account.is_member_of(&Group::new("engineering")));
assert!(!account.is_member_of(&Group::new("marketing")));
Source

pub fn has_permission<P>(&self, permission: P) -> bool
where P: Into<PermissionId>,

Returns true when this account has the specified direct permission.

Accepts any type that converts into PermissionId, such as &str or PermissionId itself.

§Example
use webgates_core::accounts::Account;
use webgates_core::groups::Group;
use webgates_core::permissions::permission_id::PermissionId;
use webgates_core::roles::Role;

let mut account = Account::<Role, Group>::new("user@example.com");
account.grant_permission("read:api");
account.grant_permission(PermissionId::from("write:docs"));

assert!(account.has_permission("read:api"));
assert!(account.has_permission(PermissionId::from("write:docs")));
assert!(!account.has_permission("admin:system"));

Trait Implementations§

Source§

impl<R, G> Clone for Account<R, G>
where R: AccessHierarchy + Eq + Clone, G: Eq + Clone + Clone,

Source§

fn clone(&self) -> Account<R, G>

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<R, G> Debug for Account<R, G>
where R: AccessHierarchy + Eq + Debug, G: Eq + Clone + Debug,

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de, R, G> Deserialize<'de> for Account<R, G>
where R: AccessHierarchy + Eq + Deserialize<'de>, G: Eq + Clone + Deserialize<'de>,

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl<R, G> PartialEq for Account<R, G>
where R: AccessHierarchy + Eq + PartialEq, G: Eq + Clone + PartialEq,

Source§

fn eq(&self, other: &Account<R, G>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<R, G> Serialize for Account<R, G>
where R: AccessHierarchy + Eq + Serialize, G: Eq + Clone + Serialize,

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl<R, G> StructuralPartialEq for Account<R, G>
where R: AccessHierarchy + Eq, G: Eq + Clone,

Auto Trait Implementations§

§

impl<R, G> Freeze for Account<R, G>

§

impl<R, G> RefUnwindSafe for Account<R, G>
where R: RefUnwindSafe, G: RefUnwindSafe,

§

impl<R, G> Send for Account<R, G>
where R: Send, G: Send,

§

impl<R, G> Sync for Account<R, G>
where R: Sync, G: Sync,

§

impl<R, G> Unpin for Account<R, G>
where R: Unpin, G: Unpin,

§

impl<R, G> UnsafeUnpin for Account<R, G>

§

impl<R, G> UnwindSafe for Account<R, G>
where R: UnwindSafe, G: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,