actionable's Introduction

actionable

Actionable provides the basic functionality needed to build an async-based API that has a flexible permissions system integrated.

This crate was designed to be used by BonsaiDb internally, and as a way for users of BonsaiDb to extend their database servers with their own APIs.

Permissions

The Permissions struct is constructed from a list of Statements. The Statement struct is inspired by statements in IAM. By default, all actions are denied for all resources.

The ResourceName struct describes a unique name/id of anything in your application. This is meant to be similar to ARNs in IAM, but instead of being restricted to a format by this library, you are able to define your own syntax.

The Action trait is derive-able, and will convert any enum to something that can be permitted or denied to any ResourceName. This derive macro only supports enums with variants that have no parameters, or only have a single name-less parameter that also implements Action.

An example Action enum might look like:

#[derive(Action, Debug)]
pub enum AllActions {
    FlushCache,
    User(UserActions)
}

#[derive(Action, Debug)]
pub enum UserActions {
    Create,
    ChangeUsername,
    Delete,
}

An example permissions check for users.42 might look like:

let allowed = permissions.allowed_to(
    &ResourceName::named("users").and(42),
    &AllActions::User(UserActions::Delete)
);

Permission-driven async API

At the core of many networked APIs written in Rust is an enum that represents a request, and similarly there are usually common response/error types. In these applications, there is usually a manually-written match statement that, for readability and maintainability, simply pass the parameters from the request to a helper method to handle the actual logic of the request.

The goal of the API portion of this crate is to replace the aforementioned boilerplate match statement with a simple derive macro. For a commented example, check out actionable/examples/api-simulator.rs.

Open-source Licenses

This project, like all projects from Khonsu Labs, are open-source. This repository is available under the MIT License or the Apache License 2.0.

actionable's People

Contributors

Stargazers

Watchers

actionable's Issues

Support enabling/disabling async

It shouldn't be hard to make async an option. Not needed for @khonsulabs, but this would crate would be more generally useful.

Add merging operations for `Permissions`

Currently, if you have 3 lists of statements representing three permissions groups, to apply any two of them, you'd need to compute the result of the combination of all of the statements into a single Permissions object.

We should support merging two Permissions instances, as that should be much quicker than evaluating the entire list of statements again.

Add support for Quotas

In addition to be able to grant allowable actions, it would be useful to be able to grant arbitrary values that could be interpreted as quotas. For example, in khonsulabs/bonsaidb#135 it could be desirable to add a quota that can be granted: maximum ephemeral key size. This would allow different users to be able to store different-sized keys.

Other useful quotas could be connection limits, pipelining limits, and more.

Recommend Projects