Struct cedar_policy_core::evaluator::Evaluator

source · 
pub struct Evaluator<'e> { /* private fields */ }
Expand description

Evaluator object.

Conceptually keeps the evaluation environment as part of its internal state, because we will be repeatedly invoking the evaluator on every policy in a Slice.

Implementations§

source§

impl<'q, 'e> Evaluator<'e>

source

pub fn new( q: &'q Request, entities: &'e Entities, extensions: &'e Extensions<'e> ) -> Result<Self, EvaluationError>

Create a fresh Evaluator for the given request, which uses the given Entities to resolve entity references. Use the given Extensions when evaluating the request.

(An Entities is the entity-hierarchy portion of a Slice, without the policies.)

Can throw an error, eg if evaluating attributes in the context throws an error.

source

pub fn evaluate(&self, p: &Policy) -> Result<bool, EvaluationError>

Evaluate the given Policy, returning either a bool or an error. The bool indicates whether the policy applies, ie, “is satisfied” for the current request. This is different than “if the current request should be allowed” – it doesn’t consider whether we’re processing a Permit policy or a Forbid policy.

source

pub fn partial_evaluate( &self, p: &Policy ) -> Result<Either<bool, Expr>, EvaluationError>

Partially evaluate the given Policy, returning one of:

  1. A boolean, if complete evaluation was possible
  2. An error, if the policy is guaranteed to error
  3. A residual, if complete evaluation was impossible The bool indicates whether the policy applies, ie, “is satisfied” for the current request. This is different than “if the current request should be allowed” – it doesn’t consider whether we’re processing a Permit policy or a Forbid policy.
source

pub fn run_to_error( &self, e: &Expr, slots: &SlotEnv ) -> (PartialValue, Option<EvaluationError>)

Run an expression as far as possible. however, if an error is encountered, instead of error-ing, wrap the error in a call the error extension function.

source

pub fn interpret( &self, e: &Expr, slots: &SlotEnv ) -> Result<Value, EvaluationError>

Interpret an Expr into a Value in this evaluation environment.

Ensures the result is not a residual. May return an error, for instance if the Expr tries to access an attribute that doesn’t exist.

source

pub fn partial_interpret( &self, e: &Expr, slots: &SlotEnv ) -> Result<PartialValue, EvaluationError>

Interpret an Expr into a Value in this evaluation environment.

May return a residual expression, if the input expression is symbolic. May return an error, for instance if the Expr tries to access an attribute that doesn’t exist.

Trait Implementations§

source§

impl<'e> Debug for Evaluator<'e>

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<'e> !RefUnwindSafe for Evaluator<'e>

§

impl<'e> !Send for Evaluator<'e>

§

impl<'e> !Sync for Evaluator<'e>

§

impl<'e> Unpin for Evaluator<'e>

§

impl<'e> !UnwindSafe for Evaluator<'e>

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.