Grcov report - lib.rs

1

//! Actionable provides the basic functionality needed to build an async-based

2

//! API that has a flexible permissions system integrated.

3

//!

4

//! This crate was designed to be used by [`BonsaiDb`](https://bonsaidb.io/)

5

//! internally, and as a way for users of `BonsaiDb` to extend their database

6

//! servers with their own APIs.

7

//!

8

//! ## Permissions

9

//!

10

//! The [`Permissions`] struct is constructed from a list of `Statement`s. The

11

//! `Statement` struct is inspired by [statements in

12

//! IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html).

13

//! By default, all actions are denied for all resources.

14

//!

15

//! The [`ResourceName`] struct describes a unique name/id of *anything* in your

16

//! application. This is meant to be similar to [ARNs in

17

//! IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns),

18

//! but instead of being restricted to a format by this library, you are able to

19

//! define your own syntax.

20

//!

21

//! The [`Action`] trait is derive-able, and will convert any enum to something

22

//! that can be permitted or denied to any [`ResourceName`]. This derive macro

23

//! only supports enums with variants that have no parameters, or only have a

24

//! single name-less parameter that also implements [`Action`].

25

//!

26

//! An example [`Action`] enum might look like:

27

//!

28

//! ```rust

29

//! # use actionable::Action;

30

//! #[derive(Action, Debug)]

31

//! pub enum AllActions {

32

//!     FlushCache,

33

//!     User(UserActions),

34

//! }

35

//!

36

//! #[derive(Action, Debug)]

37

//! pub enum UserActions {

38

//!     Create,

39

//!     ChangeUsername,

40

//!     Delete,

41

//! }

42

//! ```

43

//!

44

//! An example permissions check for `users.42` might look like:

45

//!

46

//! ```rust

47

//! # use actionable::{Action, Permissions, ResourceName};

48

//! # #[derive(Action, Debug)]

49

//! # pub enum AllActions {

50

//! #     FlushCache,

51

//! #     User(UserActions)

52

//! # }

53

//! #

54

//! # #[derive(Action, Debug)]

55

//! # pub enum UserActions {

56

//! #     Create,

57

//! #     ChangeUsername,

58

//! #     Delete,

59

//! # }

60

//! # let permissions = Permissions::default();

61

//! let allowed = permissions.allowed_to(

62

//!     &ResourceName::named("users").and(42),

63

//!     &AllActions::User(UserActions::Delete),

64

//! );

65

//! ```

66

//!

67

//! ## Configuration

68

//!

69

//! Along with allowing actions to be taken, Actionable can be used to configure

70

//! values that may change on a per-role basis. Rate limits are an example of

71

//! what this API is designed to handle:

72

//!

73

//! ```rust

74

//! # use actionable::{Permissions, Statement, ResourceName, Configuration};

75

//! let permissions = Permissions::from(Statement::for_any().with("rate-limit", 500_u64));

76

//! let effective_rate_limit = permissions

77

//!     .get(&ResourceName::named("core-api"), "rate-limit")

78

//!     .and_then(Configuration::to_unsigned);

79

//! assert_eq!(effective_rate_limit, Some(500));

80

//! ```

81

//!

82

//! ## Permission-driven async API

83

//!

84

//! At the core of many networked APIs written in Rust is an enum that

85

//! represents a request, and similarly there are usually common response/error

86

//! types. In these applications, there is usually a manually-written match

87

//! statement that, for readability and maintainability, simply pass the

88

//! parameters from the request to a helper method to handle the actual logic of

89

//! the request.

90

//!

91

//! The goal of the API portion of this crate is to replace the aforementioned

92

//! boilerplate match statement with a simple derive macro. For a commented

93

//! example, check out

94

//! [`actionable/examples/api-simulator.rs`](https://github.com/khonsulabs/actionable/blob/main/actionable/examples/api-simulator.rs).

95

96

#![forbid(unsafe_code)]

97

#![warn(

98

    clippy::cargo,

99

    missing_docs,

100

    clippy::pedantic,

101

    future_incompatible,

102

    rust_2018_idioms

103

)]

104

#![allow(clippy::module_name_repetitions)]

105

#![cfg_attr(doc, deny(rustdoc::all))]

106

107

mod action;

108

mod dispatcher;

109

mod permissions;

110

mod statement;

111

112

pub use actionable_macros::Actionable;

113

#[doc(hidden)]

114

pub use async_trait::async_trait;

115

use serde::{Deserialize, Serialize};

116

117

pub use self::{

118

    action::{Action, ActionName},

119

    dispatcher::{AsyncDispatcher, Dispatcher},

120

    permissions::Permissions,

121

    statement::{ActionNameList, Configuration, Identifier, ResourceName, Statement},

122

};

123

124

#[cfg(test)]

125

mod tests;

126

127

/// An `action` was denied.

128

#[derive(thiserror::Error, Clone, Debug, Serialize, Deserialize)]

129

#[error("Action '{action}' was denied on resource '{resource}'")]

130

pub struct PermissionDenied {

131

    /// The resource that `action` was attempted upon.

132

    pub resource: ResourceName<'static>,

133

    /// The `action` attempted upon `resource`.

134

    pub action: ActionName,

135