11 releases
0.2.0 | Feb 18, 2022 |
---|---|
0.1.0 | Jan 27, 2022 |
0.1.0-rc.3 | Dec 7, 2021 |
0.1.0-rc.2 | Nov 9, 2021 |
0.1.0-dev.4 | Jul 23, 2021 |
#85 in #permissions
353 downloads per month
Used in 15 crates
(via actionable)
32KB
625 lines
actionable
Actionable provides the basic functionality needed to build an async-based API that has a flexible permissions system integrated.
This crate was designed to be used by BonsaiDb
internally, and as a way for users of BonsaiDb
to extend their database
servers with their own APIs.
Permissions
The Permissions
struct is constructed from a list of Statement
s. The
Statement
struct is inspired by statements in
IAM.
By default, all actions are denied for all resources.
The ResourceName
struct describes a unique name/id of anything in your
application. This is meant to be similar to ARNs in
IAM,
but instead of being restricted to a format by this library, you are able to
define your own syntax.
The Action
trait is derive-able, and will convert any enum to something
that can be permitted or denied to any ResourceName
. This derive macro
only supports enums with variants that have no parameters, or only have a
single name-less parameter that also implements Action
.
An example Action
enum might look like:
#[derive(Action, Debug)]
pub enum AllActions {
FlushCache,
User(UserActions)
}
#[derive(Action, Debug)]
pub enum UserActions {
Create,
ChangeUsername,
Delete,
}
An example permissions check for users.42
might look like:
let allowed = permissions.allowed_to(
&ResourceName::named("users").and(42),
&AllActions::User(UserActions::Delete)
);
Permission-driven async API
At the core of many networked APIs written in Rust is an enum that represents a request, and similarly there are usually common response/error types. In these applications, there is usually a manually-written match statement that, for readability and maintainability, simply pass the parameters from the request to a helper method to handle the actual logic of the request.
The goal of the API portion of this crate is to replace the aforementioned
boilerplate match statement with a simple derive macro. For a commented example, check out actionable/examples/api-simulator.rs
.
Open-source Licenses
This project, like all projects from Khonsu Labs, are open-source. This repository is available under the MIT License or the Apache License 2.0.
Dependencies
~2MB
~46K SLoC