32 changes: 32 additions & 0 deletions cedar-rust-hello-world/src/main.rs
Expand Up @@ -44,6 +44,10 @@ fn main() {

//print a policy in JSON format
to_json();

//Authorization example
let decision = authorization();
println!("{:?}", decision);
}
/// parse a policy
fn parse_policy() {
Expand Down Expand Up @@ -471,3 +475,31 @@ fn create_p_a_r() -> (EntityUid, EntityUid, EntityUid) {
let r = EntityUid::from_type_name_and_id(r_name, r_eid);
(p, a, r)
}

/// Demonstrates a basic Cedar authorization flow
/// Returns a Response indicating whether the access is allowed or denied
fn authorization() -> Response {
let (principal, action, resource) = create_p_a_r();
let context_json_val = serde_json::json!({});
let context = Context::from_json_value(context_json_val, None).unwrap();
Comment on lines +483 to +484
Contributor


Nicer API for this:

Suggested change
let context_json_val = serde_json::json!({});
let context = Context::from_json_value(context_json_val, None).unwrap();
let context = Context::empty();


// Construct the authorization request combining principal, action, resource, and context
let request = Request::new(principal, action, resource, context, None)
.expect("request validation error");

// Define the policy that determines access rules
// This policy permits user "alice" to perform "update" action on "VacationPhoto94.jpg"
let policies_str = r#"permit(
principal == User::"alice",
action == Action::"view",
resource == Album::"trip"
);"#;

// Evaluate the authorization request against the policy and entities
let policy_set = PolicySet::from_str(policies_str).expect("policy parse error");
let entities_json = r#"[]"#;
let entities = Entities::from_json_str(entities_json, None).expect("entity parse error");
Comment on lines +500 to +501
Contributor


Suggested change
let entities_json = r#"[]"#;
let entities = Entities::from_json_str(entities_json, None).expect("entity parse error");
let entities = Entities::empty();

let authorizer = Authorizer::new();
authorizer.is_authorized(&request, &policy_set, &entities)
}
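Review bot: The comment above `policies_str` in `authorization()` describes a different policy than the string below it: it says alice may perform "update" on "VacationPhoto94.jpg", while the policy permits `Action::"view"` on `Album::"trip"`. A wrong description in an authorization example is easy to copy along with the code, so I would change it to `// This policy permits User::"alice" to perform Action::"view" on Album::"trip"`. Whether the request actually matches that policy depends on the UIDs built in `create_p_a_r()`, whose body lies outside this hunk. Separately, `Request::new(..., None)` passes no schema, so the request does not appear to be validated against one, and the `"request validation error"` message may suggest a stronger check than the code performs; a one-line comment such as `// no schema is passed, so the request is not schema-validated here` would make that explicit.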
