surrealdb_core/iam/
mod.rs1use cedar_policy::Context;
2pub use entities::Level;
3use thiserror::Error;
4
5pub mod access;
6pub mod auth;
7pub mod base;
8pub mod check;
9pub mod clear;
10pub mod entities;
11pub mod issue;
12#[cfg(feature = "jwks")]
13pub mod jwks;
14pub mod policies;
15pub mod reset;
16pub mod signin;
17pub mod signup;
18pub mod token;
19pub mod verify;
20
21pub use self::auth::*;
22pub use self::entities::*;
23
/// Errors raised by the IAM layer.
///
/// `Display` (generated by `thiserror`) yields the messages given in the
/// `#[error(...)]` attributes below. `Debug` is derived as well and prints
/// every field, so `{:?}` output of [`Error::NotAllowed`] contains the actor,
/// action and resource even though its `Display` text does not.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum Error {
    /// A role name was rejected; the offending name is interpolated into the
    /// message.
    // NOTE(review): presumably the role string can originate from caller
    // input — confirm before surfacing this message verbatim to clients.
    #[error("Invalid role '{0}'")]
    InvalidRole(String),

    /// An authorization check denied the request.
    ///
    /// The message is a fixed string: none of the fields are interpolated,
    /// so converting this variant to text does not reveal who was denied or
    /// what they tried to access.
    #[error("Not enough permissions to perform this action")]
    NotAllowed {
        /// String form of the actor that was denied.
        actor: String,
        /// String form of the attempted action.
        action: String,
        /// String form of the targeted resource.
        resource: String,
    },
}
37
/// Lets an IAM [`Error`] be used wherever a plain `String` message is
/// expected.
impl From<Error> for String {
    /// Renders the error through its `Display` implementation.
    ///
    /// For `Error::NotAllowed` this is the fixed "not enough permissions"
    /// message; the actor, action and resource fields are not part of the
    /// resulting string.
    fn from(err: Error) -> Self {
        err.to_string()
    }
}
43
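/// Checks whether `actor` may perform `action` on `resource`.
///
/// The decision is delegated to `policies::is_allowed`. When `ctx` is `None`
/// an empty Cedar [`Context`] is passed instead.
///
/// The check fails closed: only an explicit `true` from the policy layer
/// produces `Ok(())`; every other outcome is reported as a denial.
///
/// # Errors
///
/// Returns [`Error::NotAllowed`] carrying the string forms of the actor,
/// action and resource when the policy layer does not allow the request.
pub fn is_allowed(
    actor: &Actor,
    action: &Action,
    resource: &Resource,
    ctx: Option<Context>,
) -> Result<(), Error> {
    // Build the empty context lazily so nothing is constructed when the
    // caller already supplied one.
    let ctx = ctx.unwrap_or_else(Context::empty);

    // NOTE(review): the second tuple element is discarded here; presumably it
    // is the policy engine's response/diagnostics — confirm whether it should
    // be recorded for denied requests.
    let (allowed, _) = policies::is_allowed(actor, action, resource, ctx);
    if allowed {
        return Ok(());
    }

    let err = Error::NotAllowed {
        actor: actor.to_string(),
        action: action.to_string(),
        resource: resource.to_string(),
    };

    // `Display` for `NotAllowed` is a fixed message, so this trace line does
    // not identify the actor, action or resource that was denied; those
    // details travel only in the returned error's fields.
    trace!("{}", err);
    Err(err)
}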