Struct PermissionValidator 

pub struct PermissionValidator {
    Roles: Arc<RwLock<HashMap<String, Role>>>,
    Permissions: Arc<RwLock<HashMap<String, Permission>>>,
    OperationPermissions: HashMap<String, Vec<String>>,
    ValidationTimeoutMillis: u64,
}

Permission validator for IPC operations

Fields

Roles: Arc<RwLock<HashMap<String, Role>>>

Role definitions indexed by role name

Permissions: Arc<RwLock<HashMap<String, Permission>>>

Permission definitions indexed by permission name

OperationPermissions: HashMap<String, Vec<String>>

Operation to permission mapping

ValidationTimeoutMillis: u64

Maximum time allowed for permission validation (milliseconds)

Implementations

impl PermissionValidator

pub fn New(ValidationTimeoutMillis: u64) -> Self

Create a new permission validator

Parameters

• ValidationTimeoutMillis: Maximum timeout for validation in milliseconds

Returns

New PermissionValidator instance

fn BuildOperationMapping() -> HashMap<String, Vec<String>>

Build operation to permission mapping

Returns

HashMap mapping operation names to required permission strings

pub fn CreateSecurityContext( UserId: String, Roles: Vec<String>, IpAddress: String, DirectPermissions: Vec<String>, ) -> SecurityContext

Create security context from message data

Parameters

• UserId: User identifier for the request
• Roles: User’s assigned roles (defaults to [“user”] if empty)
• IpAddress: Origin IP address
• DirectPermissions: Direct user permissions (optional)

Returns

New SecurityContext instance

pub async fn ValidatePermission( &self, Operation: &str, Context: &SecurityContext, ) -> Result<(), String>

Validate permission for an operation with security context

Parameters

• Operation: The operation being performed
• Context: Security context containing user info and roles

Returns

Ok(()) if permission granted, Err with message if denied

Security Notes

• All operations require explicit permission grant (default deny)
• Validation is performed server-side only
• IP address can be used for additional restrictions
• Timestamp can be used for time-based restrictions

async fn ValidatePermissionInternal( &self, Operation: &str, Context: &SecurityContext, ) -> Result<(), String>

Internal validation logic (without timeout wrapper)

Parameters

• Operation: The operation being performed
• Context: Security context

Returns

Ok(()) if permission granted, Err with message if denied

async fn AggregateUserPermissions( &self, Context: &SecurityContext, ) -> Result<Vec<String>, String>

Aggregate all permissions for a user from roles and direct permissions

Parameters

• Context: Security context containing roles and direct permissions

Returns

Vector of all permission strings available to the user

pub async fn RegisterRole(&self, Role: Role) -> Result<(), String>

Register a role definition

Parameters

• Role: Role definition to register

Returns

Result indicating success or error

pub async fn RegisterPermission( &self, Permission: Permission, ) -> Result<(), String>

Register a permission definition

Parameters

• Permission: Permission definition to register

/// Returns Result indicating success or error

pub async fn GetRolePermissions(&self, RoleName: &str) -> Vec<String>

Get all permissions for a specific role

Parameters

• RoleName: Name of the role to query

Returns

Vector of permission strings for the role, empty if role not found

pub async fn HasPermission( &self, Context: &SecurityContext, PermissionName: &str, ) -> bool

Check if a user has a specific permission

Parameters

• Context: Security context for the user
• PermissionName: Permission name to check

/// Returns true if user has permission, false otherwise

pub async fn InitializeDefaults(&self) -> Result<(), String>

Initialize default roles and permissions

Returns

Result indicating success or error

Default Roles

• user: Read-only access to files, config, storage
• developer: Read/write access to files and storage
• admin: Full access including system operations