Struct Capabilities

pub struct Capabilities { /* private fields */ }

Capabilities are used to limit what a user can do to the system.

Capabilities are split into 4 categories:

• Scripting: Whether or not the user can execute scripts
• Guest access: Whether or not a non-authenticated user can execute queries on the system when authentication is enabled.
• Functions: Whether or not the user can execute certain functions
• Network: Whether or not the user can access certain network addresses

Capabilities are configured globally. By default, capabilities are configured as:

• Scripting: false
• Guest access: false
• Functions: All functions are allowed
• Network: No network address is allowed nor denied, hence all network addresses are denied unless explicitly allowed

The capabilities are defined using allow/deny lists for fine-grained control.

Examples:

• Allow all functions: --allow-funcs
• Allow all functions except http.*: --allow-funcs --deny-funcs 'http.*'
• Allow all network addresses except AWS metadata endpoint: --allow-net --deny-net='169.254.169.254'

Examples

Create a new instance, and allow all capabilities

let capabilities = Capabilities::all();
let config = Config::default().capabilities(capabilities);
let db = Surreal::new::<File>(("temp.db", config)).await?;

Create a new instance, and allow certain functions

let capabilities = Capabilities::default()
    .with_functions(Targets::<FuncTarget>::All)
    .without_functions(Targets::<FuncTarget>::Some(
        [FuncTarget::from_str("http::*").unwrap()].into(),
    ));
let config = Config::default().capabilities(capabilities);
let db = Surreal::new::<File>(("temp.db", config)).await?;

Implementations

impl Capabilities

pub fn all() -> Self

pub fn with_scripting(self, scripting: bool) -> Self

pub fn with_guest_access(self, guest_access: bool) -> Self

pub fn with_live_query_notifications( self, live_query_notifications: bool, ) -> Self

pub fn with_functions(self, allow_funcs: Targets<FuncTarget>) -> Self

pub fn without_functions(self, deny_funcs: Targets<FuncTarget>) -> Self

pub fn with_network_targets(self, allow_net: Targets<NetTarget>) -> Self

pub fn without_network_targets(self, deny_net: Targets<NetTarget>) -> Self

pub fn allows_scripting(&self) -> bool

pub fn allows_guest_access(&self) -> bool

pub fn allows_live_query_notifications(&self) -> bool

pub fn allows_function(&self, target: &FuncTarget) -> bool

pub fn allows_network_target(&self, target: &NetTarget) -> bool

Trait Implementations

impl Clone for Capabilities

fn clone(&self) -> Capabilities

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Capabilities

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Capabilities

fn default() -> Self

Returns the “default value” for a type.

impl Display for Capabilities

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.