Group identifiers for group-based authorization decisions.
Groups model exact membership such as departments, teams, tenants, projects, or other organizational units. Unlike roles, groups do not imply privilege ordering. A user is either a member of the group or not.
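The difference between ordered roles and exact group membership, as an added stand-alone example (not code from webgates_core). `Level`, `GroupId`, `Account`, `Requirement` and `allowed` are hypothetical names, and the model assumes group names are compared by exact string equality.

```rust
use std::collections::HashSet;

// Hypothetical stand-ins for illustration; these are not webgates_core types.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
enum Level { User, Moderator, Admin } // derive(Ord): User < Moderator < Admin

#[derive(Debug, Clone, PartialEq, Eq, Hash)]
struct GroupId(String);

struct Account { level: Level, groups: HashSet<GroupId> }

enum Requirement { AtLeast(Level), Member(GroupId) }

/// Grants access if any requirement is met; an empty policy denies everyone.
fn allowed(account: &Account, policy: &[Requirement]) -> bool {
    policy.iter().any(|req| match req {
        // Role-style check: anything at or above the minimum level passes.
        Requirement::AtLeast(min) => account.level >= *min,
        // Group-style check: exact equality, no prefix match or case folding.
        Requirement::Member(group) => account.groups.contains(group),
    })
}

fn account(level: Level, groups: &[&str]) -> Account {
    let groups = groups.iter().map(|g| GroupId(g.to_string())).collect();
    Account { level, groups }
}

fn main() {
    let eng_only = [Requirement::Member(GroupId("engineering".into()))];
    let mods_up = [Requirement::AtLeast(Level::Moderator)];

    // Constructed sample accounts.
    let cases = [
        ("member", account(Level::User, &["engineering"])),
        ("admin, other group", account(Level::Admin, &["marketing"])),
        ("look-alike name", account(Level::User, &["engineering-leads"])),
        ("case variant", account(Level::User, &["Engineering"])),
    ];
    for (label, acct) in &cases {
        println!("{:20} group policy: {:5} level policy: {}",
                 label, allowed(acct, &eng_only), allowed(acct, &mods_up));
    }
}
```

Only the first account passes the group policy: a high level does not substitute for membership, and a similar or differently cased name is a different group.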
§Examples
Create groups and use them in access policies:
```rust
use webgates_core::authz::access_policy::AccessPolicy;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let engineering = Group::new("engineering");
let marketing = Group::new("marketing");

let policy = AccessPolicy::<Role, Group>::require_group(engineering.clone())
    .or_require_group(marketing.clone());

assert_eq!(engineering.name(), "engineering");
assert_eq!(marketing.name(), "marketing");
assert!(!policy.denies_all());
```

Common naming patterns:
```rust
use webgates_core::groups::Group;

let departments = vec![
    Group::new("engineering"),
    Group::new("marketing"),
    Group::new("support"),
];

let project_groups = vec![
    Group::new("project-alpha"),
    Group::new("project-beta"),
];

let teams = vec![
    Group::new("frontend-team"),
    Group::new("backend-team"),
    Group::new("qa-team"),
];

assert_eq!(departments.len(), 3);
assert_eq!(project_groups.len(), 2);
assert_eq!(teams.len(), 3);
```

Structs§
- Group: A group identifier used for exact membership checks.
Traits§
- GroupEntity: Trait for types that expose a stable group identifier.