Skip to main content

AuthContext

subcog::services::auth

Struct AuthContext 

Source 
pub struct AuthContext {
    subject: Option<String>,
    scopes: HashSet<String>,
    is_local: bool,
    org_name: Option<String>,
    org_role: Option<String>,
    group_roles: HashMap<String, String>,
}
Expand description

Authorization context for service operations.

Carries identity and permission information through the service layer. Can be created from JWT claims or constructed directly for testing.

Fields§

§subject: Option<String>

Subject identifier (user ID, service account, etc.).

§scopes: HashSet<String>

Granted scopes/permissions.

§is_local: bool

Whether this is a local/CLI context (implicitly trusted).

§org_name: Option<String>

Organization name (for org-scoped operations).

§org_role: Option<String>

Role within the organization (admin, member, etc.).

§group_roles: HashMap<String, String>

Group roles (group_id → role string).

Implementations§

Source§

impl AuthContext

Source

pub fn local() -> Self

Creates a local context with full permissions.

Used for CLI access where the user has local filesystem access.

Source

pub fn from_scopes(scopes: Vec<String>) -> Self

Creates a context from a list of scope strings.

§Arguments
  • scopes - List of scope strings (e.g., ["read", "write"]).
Source

pub fn builder() -> AuthContextBuilder

Creates a builder for constructing an auth context.

Source

pub fn with_subject(self, subject: impl Into<String>) -> Self

Sets the subject identifier.

Source

pub fn subject(&self) -> Option<&str>

Returns the subject identifier.

Source

pub const fn is_local(&self) -> bool

Returns whether this is a local/CLI context.

Source

pub fn org_name(&self) -> Option<&str>

Returns the organization name if set.

Source

pub fn org_role(&self) -> Option<&str>

Returns the organization role if set.

Source

pub fn has_org_access(&self) -> bool

Returns whether this context has org access.

Source

pub fn has_scope(&self, scope: &str) -> bool

Checks if the context has a specific scope.

Source

pub fn has_permission(&self, permission: Permission) -> bool

Checks if the context has a specific permission.

Source

pub fn has_any_permission(&self, permissions: &[Permission]) -> bool

Checks if the context has any of the specified permissions.

Source

pub fn require(&self, permission: Permission) -> Result<()>

Requires a specific permission, returning an error if not granted.

§Errors

Returns Error::Unauthorized if the permission is not granted.

Source

pub fn require_any(&self, permissions: &[Permission]) -> Result<()>

Requires any of the specified permissions.

§Errors

Returns Error::Unauthorized if none of the permissions are granted.

Source

pub fn get_group_role(&self, group_id: &str) -> Option<GroupRole>

Returns the user’s role in a specific group.

§Arguments
  • group_id - The group identifier.
§Returns

Some(GroupRole) if the user has a role in the group, None otherwise. For local contexts, always returns Some(GroupRole::Admin).

Source

pub fn has_group_permission(&self, group_id: &str, min_role: GroupRole) -> bool

Checks if the user has at least the specified role in a group.

§Arguments
  • group_id - The group identifier.
  • min_role - The minimum required role.
§Returns

true if the user has sufficient permissions, false otherwise.

Source

pub fn require_group_role( &self, group_id: &str, min_role: GroupRole, ) -> Result<()>

Requires at least the specified role in a group.

§Arguments
  • group_id - The group identifier.
  • min_role - The minimum required role.
§Errors

Returns Error::Unauthorized if the user doesn’t have the required role.

Trait Implementations§

Source§

impl Clone for AuthContext

Source§

fn clone(&self) -> AuthContext

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AuthContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for AuthContext

Source§

fn default() -> Self

Creates a default context that allows all operations.

This is used for CLI/local access where there’s no authentication.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FromRef<T> for T
where T: Clone,

§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> IntoRequest<T> for T

§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
§

impl<L> LayerExt<L> for L

§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in [Layered].
§

impl<T> Pointable for T

§

const ALIGN: usize

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] only if self and other return Action::Follow. Read more
§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns [Action::Follow] if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

impl<T> Allocation for T
where T: RefUnwindSafe + Send + Sync,