Skip to main content

yeti_types/resource/
permission.rs

1//! `TablePermission` (pre-computed auth decision) and `MethodOverrides`
2//! (which methods a table extender overrides).
3
4use std::sync::Arc;
5
6// ============================================================================
7// TablePermission
8// ============================================================================
9
10/// Pre-computed authorization decision for a table operation.
11///
12/// Computed once by the auth layer, consumed by handlers.
13#[derive(Clone, Debug)]
14pub enum TablePermission {
15    /// Public operation via `@export(public:[...])` — skip all RBAC.
16    Public,
17    /// Full field access (`super_user`, wildcard attributes, or dev mode).
18    FullAccess,
19    /// Restricted to specific readable/writable fields.
20    AttributeRestricted {
21        /// Fields the user can read (None = all).
22        readable: Option<Arc<Vec<String>>>,
23        /// Fields the user can write (None = all).
24        writable: Option<Arc<Vec<String>>>,
25    },
26}
27
28// ============================================================================
29// MethodOverrides — declares which methods a table extender overrides
30// ============================================================================
31
32/// Configuration for which methods are overridden by a custom resource.
33///
34/// Used by `ExtendedTableResource` to know when to delegate to the table
35/// vs. when to call the custom resource's implementation.
36#[derive(Debug, Clone, Default)]
37#[expect(
38    clippy::struct_excessive_bools,
39    reason = "12 bools, one per dispatchable method (get/post/put/patch/delete/search/subscribe/publish/connect/copy/move/invalidate). The shape is dictated by the dispatch table — bitflags would force a parallel HTTP-method enum and obscure the resource-author's mental model (`overrides.get = true; overrides.post = true;`)."
40)]
41pub struct MethodOverrides {
42    /// Override GET handler
43    pub get: bool,
44    /// Override POST handler
45    pub post: bool,
46    /// Override PUT handler
47    pub put: bool,
48    /// Override PATCH handler
49    pub patch: bool,
50    /// Override DELETE handler
51    pub delete: bool,
52    /// Override SEARCH/query handler
53    pub search: bool,
54    /// Override SSE subscribe handler
55    pub subscribe: bool,
56    /// Override WebSocket connect handler
57    pub connect: bool,
58}
59
60impl MethodOverrides {
61    /// Create overrides with all methods overridden.
62    #[must_use]
63    pub const fn all() -> Self {
64        Self {
65            get: true,
66            post: true,
67            put: true,
68            patch: true,
69            delete: true,
70            search: true,
71            subscribe: true,
72            connect: true,
73        }
74    }
75}