diff options
Diffstat (limited to 'crates/secd/src/auth/z.rs')
| -rw-r--r-- | crates/secd/src/auth/z.rs | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/crates/secd/src/auth/z.rs b/crates/secd/src/auth/z.rs deleted file mode 100644 index 31f449c..0000000 --- a/crates/secd/src/auth/z.rs +++ /dev/null @@ -1,61 +0,0 @@ -use uuid::Uuid; - -use crate::{Secd, SecdError}; - -pub type Namespace = String; -pub type Object = (Namespace, Uuid); -pub type Relation = String; - -pub struct Relationship { - pub subject: Subject, - pub object: Object, - pub relation: Relation, -} - -#[derive(Clone)] -pub enum Subject { - User(Object), - UserSet { user: Object, relation: Relation }, -} - -impl Secd { - pub async fn check(&self, r: &Relationship) -> Result<bool, SecdError> { - let spice = self - .spice - .clone() - .expect("TODO: only supports postgres right now"); - - Ok(spice.check_permission(r).await?) - } - pub async fn expand(&self) -> Result<(), SecdError> { - todo!() - } - pub async fn read(&self) -> Result<(), SecdError> { - todo!() - } - pub async fn watch(&self) -> Result<(), SecdError> { - unimplemented!() - } - pub async fn write(&self, ts: &[Relationship]) -> Result<(), SecdError> { - let spice = self - .spice - .clone() - .expect("TODO: only supports postgres right now"); - - // Since spice doesn't really have a great schema pattern, we - // prefix all incoming write relationships with an r_ to indicate - // they are "relationships" rather than what spice calls permissions - spice - .write_relationship( - &ts.into_iter() - .map(|r| Relationship { - subject: r.subject.clone(), - object: r.object.clone(), - relation: format!("r_{}", r.relation), - }) - .collect::<Vec<Relationship>>(), - ) - .await?; - Ok(()) - } -} |