Diffstat (limited to '')
-rw-r--r--crates/secd/src/auth/z.rs54
1 files changed, 54 insertions, 0 deletions
diff --git a/crates/secd/src/auth/z.rs b/crates/secd/src/auth/z.rs
new file mode 100644
index 0000000..81c3639
--- /dev/null
+++ b/crates/secd/src/auth/z.rs
@@ -0,0 +1,54 @@
+use uuid::Uuid;
+
+use crate::{client::spice::SpiceError, Secd};
+
+#[derive(Debug, thiserror::Error, derive_more::Display)]
+pub enum AuthZError {
+ SpiceClient(#[from] SpiceError),
+ Todo,
+}
+
+pub type Namespace = String;
+pub type Object = (Namespace, Uuid);
+pub type Relation = String;
+
+pub struct Relationship {
+ pub subject: Subject,
+ pub object: Object,
+ pub relation: String,
+}
+
+#[derive(Clone)]
+pub enum Subject {
+ User(Object),
+ UserSet { user: Object, relation: Relation },
+}
+
+impl Secd {
+ pub async fn check(&self, r: &Relationship) -> Result<bool, AuthZError> {
+ let spice = self
+ .spice
+ .clone()
+ .expect("TODO: only supports postgres right now");
+
+ Ok(spice.check_permission(r).await?)
+ }
+ pub async fn expand(&self) -> Result<(), AuthZError> {
+ todo!()
+ }
+ pub async fn read(&self) -> Result<(), AuthZError> {
+ todo!()
+ }
+ pub async fn watch(&self) -> Result<(), AuthZError> {
+ unimplemented!()
+ }
+ pub async fn write(&self, ts: &[Relationship]) -> Result<(), AuthZError> {
+ let spice = self
+ .spice
+ .clone()
+ .expect("TODO: only supports postgres right now");
+
+ spice.write_relationship(ts).await?;
+ Ok(())
+ }
+}
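Review bot: `check` panics via `.expect("TODO: only supports postgres right now")` when `self.spice` is unset, which turns a missing authorization backend into a process abort instead of a failed (denied) check; `write` repeats the same `.expect` a few lines below. Since `AuthZError` already exists, return an error so callers fail closed on a recoverable condition, e.g. `let Some(spice) = self.spice.clone() else { return Err(AuthZError::Todo) };` in both methods (or a dedicated variant such as `AuthZError::Unconfigured` — a constructed name, not one on the page). The `spice` field of `Secd` is declared outside this hunk; I'm inferring from the `.expect` that it is an `Option`, so confirm before changing the pattern. As a style point, `Relationship::relation` is typed `String` where the `Relation` alias declared just above is meant; `pub relation: Relation,` keeps the field consistent with `Subject::UserSet`.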