Lib.rs

Database interfaces
#access-control #user-id #query-language #check #acl #record #dsl

qcl

A Query Check Language written in Rust

Owned by lollipopkit.

1 unstable release

0.1.0 Sep 11, 2024

#1503 in Database interfaces

Apache-2.0

55KB
1.5K SLoC

QCL

a simple language that allows you to check the eval result of a query.

Intro

It's designed to be used in ACL (Access Control List) systems, where you need to check if a user has access to a resource.

Example

(
    @req.user.role == 'admin' 
    ||
    @req.user.id in @record.granted
)
&&
(
    @record.published
    ||
    @record.owner == @req.user.id
)

Let's break it down:

  • @req.user.role == 'admin': Check if the user has the role of admin.
  • @req.user.id in @record.granted: Check if the user's id is in the granted list of the record.
  • @record.published: Check if the record is published.
  • @record.owner == @req.user.id: Check if the record's owner is the user.

The above example is a simple ACL system that checks if the user has access to a record.

More language details can be found in LANG.md.

Usage

Integration

// Parse expr
let expr = "@req.user.name in 'foobar' && @files.0.published == true";
let expr = Expr::try_from(expr)?;

// Construct context
let ctx_names = expr.requested_ctx(); // ["req", "files"]
// You can construct the context indeed, but we use json! for simplicity
let ctx = json!({
    "req": {
        "user": "foo"
    },
    "files": [
        {
            "name": "file1",
            "published": true
        }
    ]
});

// Eval
let result = expr.eval(ctx.into())?; // Val::Bool(true)
match result {
    Val::Bool(b) => {
        assert!(b);
    }
    _ => {
        panic!("unexpected result");
    }
}

CLI

QCL

License

Apache-2.0
2024 @lollipopkit

Dependencies

~0.8–1.7MB
~36K SLoC