11 releases

0.2.0 Feb 18, 2022
0.1.0 Jan 27, 2022
0.1.0-rc.3 Dec 7, 2021
0.1.0-rc.2 Nov 9, 2021
0.1.0-dev.4 Jul 23, 2021

#66 in #permissions

Download history 220/week @ 2023-11-25 171/week @ 2023-12-02 68/week @ 2023-12-09 110/week @ 2023-12-16 74/week @ 2023-12-23 38/week @ 2023-12-30 109/week @ 2024-01-06 152/week @ 2024-01-13 163/week @ 2024-01-20 139/week @ 2024-01-27 147/week @ 2024-02-03 255/week @ 2024-02-10 153/week @ 2024-02-17 116/week @ 2024-02-24 102/week @ 2024-03-02 74/week @ 2024-03-09

466 downloads per month
Used in 15 crates (via actionable)

MIT/Apache

32KB
625 lines

actionable

crate version Live Build Status HTML Coverage Report for main branch Documentation for main branch

Actionable provides the basic functionality needed to build an async-based API that has a flexible permissions system integrated.

This crate was designed to be used by BonsaiDb internally, and as a way for users of BonsaiDb to extend their database servers with their own APIs.

Permissions

The Permissions struct is constructed from a list of Statements. The Statement struct is inspired by statements in IAM. By default, all actions are denied for all resources.

The ResourceName struct describes a unique name/id of anything in your application. This is meant to be similar to ARNs in IAM, but instead of being restricted to a format by this library, you are able to define your own syntax.

The Action trait is derive-able, and will convert any enum to something that can be permitted or denied to any ResourceName. This derive macro only supports enums with variants that have no parameters, or only have a single name-less parameter that also implements Action.

An example Action enum might look like:

#[derive(Action, Debug)]
pub enum AllActions {
    FlushCache,
    User(UserActions)
}

#[derive(Action, Debug)]
pub enum UserActions {
    Create,
    ChangeUsername,
    Delete,
}

An example permissions check for users.42 might look like:

let allowed = permissions.allowed_to(
    &ResourceName::named("users").and(42),
    &AllActions::User(UserActions::Delete)
);

Permission-driven async API

At the core of many networked APIs written in Rust is an enum that represents a request, and similarly there are usually common response/error types. In these applications, there is usually a manually-written match statement that, for readability and maintainability, simply pass the parameters from the request to a helper method to handle the actual logic of the request.

The goal of the API portion of this crate is to replace the aforementioned boilerplate match statement with a simple derive macro. For a commented example, check out actionable/examples/api-simulator.rs.

Open-source Licenses

This project, like all projects from Khonsu Labs, are open-source. This repository is available under the MIT License or the Apache License 2.0.

Dependencies

~2MB
~41K SLoC