Struct AuthorizationHook 

pub struct AuthorizationHook { /* private fields */ }

Available on crate feature enterprise only.

Composite authorization hook that short-circuits on first deny.

Examples

use http_handle::enterprise::AuthorizationHook;
let h = AuthorizationHook::new();
assert_eq!(format!("{h:?}").contains("AuthorizationHook"), true);

Panics

This type does not panic.

Implementations

impl AuthorizationHook

pub fn new() -> Self

Creates an empty authorization hook chain.

Examples

use http_handle::enterprise::AuthorizationHook;
let _h = AuthorizationHook::new();
assert_eq!(1, 1);

Panics

This function does not panic.

pub fn with_engine(self, engine: impl AuthorizationEngine + 'static) -> Self

Adds an authorization engine to the chain.

Examples

use http_handle::enterprise::{AuthorizationContext, AuthorizationDecision, AuthorizationEngine, AuthorizationHook};
struct Allow;
impl AuthorizationEngine for Allow {
    fn evaluate(&self, _context: &AuthorizationContext) -> AuthorizationDecision { AuthorizationDecision::Allow }
}
let _h = AuthorizationHook::new().with_engine(Allow);
assert_eq!(1, 1);

Panics

This function does not panic.

pub fn evaluate(&self, context: &AuthorizationContext) -> AuthorizationDecision

Evaluates all engines in-order.

Examples

use http_handle::enterprise::{AuthorizationContext, AuthorizationDecision, AuthorizationEngine, AuthorizationHook};
struct Allow;
impl AuthorizationEngine for Allow {
    fn evaluate(&self, _context: &AuthorizationContext) -> AuthorizationDecision { AuthorizationDecision::Allow }
}
let h = AuthorizationHook::new().with_engine(Allow);
let d = h.evaluate(&AuthorizationContext::default());
assert!(matches!(d, AuthorizationDecision::Allow));

Panics

This function does not panic.

pub fn evaluate_http_request( &self, request: &Request, subject: impl Into<String>, attributes: HashMap<String, String>, ) -> AuthorizationDecision

Evaluates authorization from an HTTP request.

Use this helper to map request method and path into an authorization context without repeating context construction in each handler.

Examples

use http_handle::enterprise::{AuthorizationDecision, AuthorizationHook, RbacAdapter};
use http_handle::request::Request;
use std::collections::HashMap;

let auth = AuthorizationHook::new().with_engine(
    RbacAdapter::default()
        .grant_role("service-a", "reader")
        .grant_permission("reader", "/metrics", "GET"),
);
let request = Request {
    method: "GET".to_string(),
    path: "/metrics".to_string(),
    version: "HTTP/1.1".to_string(),
    headers: HashMap::new(),
};

let decision = auth.evaluate_http_request(
    &request,
    "service-a",
    HashMap::new(),
);
assert!(matches!(decision, AuthorizationDecision::Allow));

Panics

This function does not panic.

Trait Implementations

impl Debug for AuthorizationHook

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AuthorizationHook

fn default() -> AuthorizationHook

Returns the “default value” for a type.