Module ManageRole

Mountain::IPC::Permission::Role

Module ManageRole 

Source
Expand description

§Manage Role

§File: IPC/Permission/Role/ManageRole.rs

§Role in Mountain Architecture

Defines and manages role structures for role-based access control (RBAC), providing organizational hierarchy for user permissions across the system.

§Primary Responsibility

Define role and permission structures for RBAC system with inheritance support.

§Secondary Responsibilities

  • Create role definitions with assigned permissions
  • Create permission definitions with categorization
  • Support role hierarchy and permission inheritance
  • Validate role and permission integrity

§Dependencies

External Crates:

  • serde - Serialization for storage and transport
  • std::collections::HashSet - Unique permission tracking

Internal Modules:

  • Validate::{SecurityContext} - Security context validation
  • LogEvent::{SecurityEvent} - Security event logging

§Dependents

  • Validate - Uses roles for permission validation
  • TauriIPCServer - Manages roles for IPC authorization

§VSCode Pattern Reference

Matches VSCode’s role system in vs/platform/permissions/common/permissions.ts

  • Hierarchical role definitions
  • Permission categorization
  • Role inheritance support
  • Permission uniqueness validation

§Security Considerations

  • Role names are case-sensitive for precise control
  • Permission names follow hierarchical naming (category.action)
  • Role inheritance prevents permission escalation through ambiguity
  • Role modifications logged for audit trails
  • Default roles cannot be deleted without confirmation
  • Permission deduplication prevents duplicate permissions in roles

§Performance Considerations

  • HashSet for unique permissions enables O(1) lookup
  • Role hierarchy flattened for fast permission resolution
  • Lazy initialization of role collections
  • Minimal copying of permission data

§Error Handling Strategy

  • Returns Result for explicit error handling
  • Duplicate permissions ignored with warning
  • Invalid role/permission names rejected early
  • Circular dependency detection in role hierarchy

§Thread Safety

  • Immutable role definitions after creation
  • Clone semantics for safe sharing across threads

§TODO Items

  • Implement role hierarchy with parent/child relationships
  • Add permission negation (deny permissions)
  • Support role templates for common permission sets

Structs§

Permission
Permission definition
Role
Role definition for RBAC system

Functions§

CreateAdminRole
Create administrator role
CreateDeveloperRole
Create developer role
CreateStandardPermissions
Create all standard permissions
CreateStandardRoles
Create all standard roles
CreateUserRole
Create standard user role