Struct cedar_policy::Authorizer
pub struct Authorizer(/* private fields */);
Authorizer object, which provides responses to authorization queries
Implementations
impl Authorizer
pub fn new() -> Self
Create a new Authorizer
The authorizer uses the stacker crate to manage stack size and tries to use a sane default. If the default is not right for you, you can try wrapping the authorizer or individual calls to is_authorized in stacker::grow.
let authorizer = Authorizer::new();
let r = authorizer.is_authorized(&request, &policy, &entities);
Returns an authorization response for r with respect to the given PolicySet and Entities.
The language spec and Dafny model give a precise definition of how this is computed.
use cedar_policy::{
    Authorizer, Context, Entities, EntityId, EntityTypeName, EntityUid, PolicySet, Request,
};
use std::str::FromStr;
// create a request
let p_eid = EntityId::from_str("alice").unwrap();
let p_name: EntityTypeName = EntityTypeName::from_str("User").unwrap();
let p = EntityUid::from_type_name_and_id(p_name, p_eid);
let a_eid = EntityId::from_str("view").unwrap();
let a_name: EntityTypeName = EntityTypeName::from_str("Action").unwrap();
let a = EntityUid::from_type_name_and_id(a_name, a_eid);
let r_eid = EntityId::from_str("trip").unwrap();
let r_name: EntityTypeName = EntityTypeName::from_str("Album").unwrap();
let r = EntityUid::from_type_name_and_id(r_name, r_eid);
let c = Context::empty();
let request: Request = Request::new(Some(p), Some(a), Some(r), c);
// create a policy
let s = r#"
    permit (
        principal == User::"alice",
        action == Action::"view",
        resource == Album::"trip"
    )
    when { principal.ip_addr.isIpv4() };
"#;
let policy = PolicySet::from_str(s).expect("policy error");
// create entities
let e = r#"[
    {
        "uid": {"type":"User","id":"alice"},
        "attrs": {
            "age":19,
            "ip_addr":{"__extn":{"fn":"ip", "arg":"10.0.1.101"}}
        },
        "parents": []
    }
]"#;
let entities = Entities::from_json_str(e, None).expect("entity error");
let authorizer = Authorizer::new();
let r = authorizer.is_authorized(&request, &policy, &entities);
println!("{:?}", r);
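The decision rule that the language spec defines for is_authorized, as an added std-only sketch (not code from cedar_policy or from this page): default deny, a satisfied forbid overrides any permit, and a policy whose condition errors is skipped and reported rather than aborting the query. Policy, Cond, decide, ip_is_v4 and the forbid-minor rule are hypothetical names, and entity attributes are simplified to strings.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny }
#[derive(PartialEq)]
pub enum Effect { Permit, Forbid }
pub type Attrs = HashMap<&'static str, &'static str>;
// A condition yields Ok(bool), or Err when evaluation fails (e.g. a missing attribute).
pub type Cond = fn(&Attrs) -> Result<bool, String>;
pub struct Policy { pub id: &'static str, pub effect: Effect, pub when: Cond }

// Stand-in for the page's `when { principal.ip_addr.isIpv4() }` clause.
pub fn ip_is_v4(a: &Attrs) -> Result<bool, String> {
    let raw = a.get("ip_addr").ok_or("attribute `ip_addr` not found")?;
    Ok(raw.parse::<IpAddr>().map_err(|e| e.to_string())?.is_ipv4())
}

// Hypothetical forbid condition (not on the page): the principal is under 18.
pub fn is_minor(a: &Attrs) -> Result<bool, String> {
    let raw = a.get("age").ok_or("attribute `age` not found")?;
    Ok(raw.parse::<i64>().map_err(|e| e.to_string())? < 18)
}

// Returns (decision, ids of the determining policies, ids of policies that errored).
pub fn decide(ps: &[Policy], a: &Attrs) -> (Decision, Vec<&'static str>, Vec<&'static str>) {
    let (mut permits, mut forbids, mut errors) = (vec![], vec![], vec![]);
    for p in ps {
        match (p.when)(a) {
            Ok(true) if p.effect == Effect::Permit => permits.push(p.id),
            Ok(true) => forbids.push(p.id),
            Ok(false) => {}
            Err(_) => errors.push(p.id), // skipped and recorded, never fatal
        }
    }
    if !forbids.is_empty() {
        (Decision::Deny, forbids, errors) // a satisfied forbid overrides any permit
    } else if !permits.is_empty() {
        (Decision::Allow, permits, errors)
    } else {
        (Decision::Deny, vec![], errors) // default deny: nothing permitted the request
    }
}
fn main() {
    let ps = [Policy { id: "permit-view", effect: Effect::Permit, when: ip_is_v4 },
              Policy { id: "forbid-minor", effect: Effect::Forbid, when: is_minor }];
    let alice: Attrs = vec![("age", "19"), ("ip_addr", "10.0.1.101")].into_iter().collect(); // constructed
    println!("{:?}", decide(&ps, &alice));
}
```

Because an erroring forbid is skipped rather than treated as a match, a missing attribute can silently disable a guard; inspect the errors returned alongside the decision instead of reading only Allow or Deny.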
Trait Implementations
impl Debug for Authorizer
impl Default for Authorizer
Auto Trait Implementations
impl Freeze for Authorizer
impl !RefUnwindSafe for Authorizer
impl Send for Authorizer
impl Sync for Authorizer
impl Unpin for Authorizer
impl !UnwindSafe for Authorizer
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.