Expand description
Authentication and access control traits. Authentication and authorization framework types.
Defines: AuthError, AuthIdentity, Access (closed enum, the
request authorization decision), the RBAC value tree
(User/Role/Permission/DatabasePermission/TablePermission/
AttributePermission), AuthProvider (plugin extension for
authentication — produces AuthIdentity), AuthPipeline,
CookieJar.
Structs§
- Attribute
Permission - Per-attribute permission flags.
- Auth
Pipeline - Authentication pipeline — runs providers in priority order.
- Cookie
Jar - Simple cookie jar abstraction for auth providers.
- Database
Permission - Database-level permissions — owns a per-table grant map.
- Lifecycle
Token - Token data surfaced to
AuthLifecycleHook::on_token_refresh. - Lifecycle
User - Minimal user view handed to lifecycle hooks.
- Permission
- Role permissions — owns a per-database permission tree plus the
platform-wide
super_usertoggle. - Role
- Named role assignable to a user.
- Table
Permission - Table-level CRUD permission grants.
- User
- Authenticated user — username + assigned role. Held inside
Access::Userwhen a request has been authenticated; theArckeepsAccesscheap to clone across the pipeline.
Enums§
- Access
- Authorization decision attached to a request
Context. - Auth
Error - Authentication error.
- Auth
Identity - Authentication identity — the result of successful authentication.
Constants§
- ROLE_
SUPER_ USER - Reserved role id for the platform’s built-in unrestricted role.
Traits§
- Auth
Lifecycle Hook - Auth lifecycle hook — fires on login, logout, and token refresh of the legacy static auth path (Basic / JWT / OAuth session).
- Auth
Provider - Authentication provider trait.