pub struct TokenScope {
pub resource_kind: String,
pub resource_id: Option<String>,
pub level: PermissionLevel,
}Expand description
One scope grant carried inside a scoped access token (and persisted on the
token record). A scope authorizes level access to a resource identified by
resource_kind + resource_id (where resource_id == None is a wildcard
covering every resource of that kind).
This is the token-embedded analogue of StoredPermission: a permission
binds a subject to a resource, whereas a TokenScope is baked into a
bearer token so the holder carries its own (attenuated) authority. The
resource_kind strings are the same canonical set documented on
StoredPermission ("deployment", "project", "secret", "node",
"environment").
Fields§
§resource_kind: StringThe kind of resource this scope authorizes (e.g. "deployment").
resource_id: Option<String>A specific resource id, or None for a wildcard (all resources of that
kind).
level: PermissionLevelThe granted access level.
Implementations§
Source§impl TokenScope
impl TokenScope
Sourcepub fn new(
resource_kind: impl Into<String>,
resource_id: Option<String>,
level: PermissionLevel,
) -> Self
pub fn new( resource_kind: impl Into<String>, resource_id: Option<String>, level: PermissionLevel, ) -> Self
Create a new token scope.
Sourcepub fn satisfies(
&self,
resource_kind: &str,
resource_id: Option<&str>,
level: PermissionLevel,
) -> bool
pub fn satisfies( &self, resource_kind: &str, resource_id: Option<&str>, level: PermissionLevel, ) -> bool
Whether this scope satisfies a request for level access to
(resource_kind, resource_id). The scope matches when the kinds are
equal, the scope’s resource_id is a wildcard (None) or exactly equals
the requested id, and the scope’s level is >= the requested level.
Trait Implementations§
Source§impl Clone for TokenScope
impl Clone for TokenScope
Source§fn clone(&self) -> TokenScope
fn clone(&self) -> TokenScope
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl ComposeSchema for TokenScope
impl ComposeSchema for TokenScope
Source§impl Debug for TokenScope
impl Debug for TokenScope
Source§impl<'de> Deserialize<'de> for TokenScope
impl<'de> Deserialize<'de> for TokenScope
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
impl Eq for TokenScope
Source§impl PartialEq for TokenScope
impl PartialEq for TokenScope
Source§fn eq(&self, other: &TokenScope) -> bool
fn eq(&self, other: &TokenScope) -> bool
self and other values to be equal, and is used by ==.Source§impl Serialize for TokenScope
impl Serialize for TokenScope
impl StructuralPartialEq for TokenScope
Auto Trait Implementations§
impl Freeze for TokenScope
impl RefUnwindSafe for TokenScope
impl Send for TokenScope
impl Sync for TokenScope
impl Unpin for TokenScope
impl UnsafeUnpin for TokenScope
impl UnwindSafe for TokenScope
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.