Built-in hierarchical roles for authorization decisions.
Use this module when the default webgates-core role hierarchy matches your
application. If not, define your own role enum and implement
crate::authz::access_hierarchy::AccessHierarchy.
The built-in hierarchy is ordered from least privileged to most privileged:
This ordering matters because crate::authz::access_hierarchy::AccessHierarchy uses the type’s
total ordering to determine whether one role is the same as, or supervises,
another role.
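
Why declaration order is security-relevant, as an added example that is not webgates-core code: it models the check as a plain `>=` on the derived ordering (an assumption) and reuses the `CompanyRole` variants from the custom hierarchy section of this page. The helpers `same_or_supervises` and `first_order_violation` and the `MisorderedRole` enum are hypothetical.

```rust
// Added example: std-only model of an ordering-based role check.
// `same_or_supervises` and `first_order_violation` are hypothetical helpers,
// not webgates-core APIs.

#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
enum CompanyRole {
    Employee, // lowest rank: derived Ord follows declaration order
    TeamLead,
    Manager,
    Director,
}

// Same variants, mistakenly declared most-privileged first.
#[derive(Debug, Copy, Clone, Eq, PartialEq, Ord, PartialOrd)]
enum MisorderedRole {
    Director,
    Manager,
    TeamLead,
    Employee,
}

/// Assumed model of the check: a held role passes if it equals or outranks
/// the required role in the type's total ordering.
fn same_or_supervises<R: Ord>(held: R, required: R) -> bool {
    held >= required
}

/// Given the intended least-to-most list, return the first adjacent pair
/// that the derived ordering does not rank strictly ascending.
fn first_order_violation<R: Ord + Copy>(least_to_most: &[R]) -> Option<(R, R)> {
    least_to_most
        .windows(2)
        .find(|w| w[0] >= w[1])
        .map(|w| (w[0], w[1]))
}

fn main() {
    // Correct declaration order: only Manager and above pass a Manager check.
    assert!(same_or_supervises(CompanyRole::Director, CompanyRole::Manager));
    assert!(!same_or_supervises(CompanyRole::Employee, CompanyRole::Manager));
    // Misordered declaration: the least privileged role now passes.
    assert!(same_or_supervises(MisorderedRole::Employee, MisorderedRole::Manager));
    // Pinning the intended order in a unit test catches the mistake.
    let intended = [MisorderedRole::Employee, MisorderedRole::TeamLead,
                    MisorderedRole::Manager, MisorderedRole::Director];
    assert!(first_order_violation(&intended).is_some());
    println!("ordering checks passed");
}
```

A check like `first_order_violation` belongs in the unit tests of any crate that defines its own role enum, so that reordering or inserting a variant cannot silently change who passes a supervisor check.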
§Examples
use webgates_core::authz::access_policy::AccessPolicy;
use webgates_core::groups::Group;
use webgates_core::roles::Role;

let exact_admin = AccessPolicy::<Role, Group>::require_role(Role::Admin);
let moderator_or_higher =
    AccessPolicy::<Role, Group>::require_role_or_supervisor(Role::Moderator);

assert!(!exact_admin.denies_all());
assert!(!moderator_or_higher.denies_all());

§Custom role hierarchies
If your application needs a different hierarchy, define your own enum in
least-privileged to most-privileged order and implement
crate::authz::access_hierarchy::AccessHierarchy for it.
use serde::{Deserialize, Serialize};
use webgates_core::authz::access_hierarchy::AccessHierarchy;

#[derive(Debug, Default, Copy, Clone, Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
enum CompanyRole {
    #[default]
    Employee,
    TeamLead,
    Manager,
    Director,
}

impl std::fmt::Display for CompanyRole {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            CompanyRole::Employee => write!(f, "Employee"),
            CompanyRole::TeamLead => write!(f, "TeamLead"),
            CompanyRole::Manager => write!(f, "Manager"),
            CompanyRole::Director => write!(f, "Director"),
        }
    }
}

impl AccessHierarchy for CompanyRole {}

Structs§
Enums§
- Role: Built-in roles ordered from least privileged to most privileged.