Struct PermissionManager 

pub struct PermissionManager {
    roles: Arc<RwLock<HashMap<String, Role>>>,
    permissions: Arc<RwLock<HashMap<String, Permission>>>,
    audit_log: Arc<RwLock<Vec<SecurityEvent>>>,
}

Permission manager for IPC operations

This is the main security enforcement structure for the IPC layer. It maintains role and permission definitions, validates access requests, and logs security events for auditing.

§Permission Flow

IPC Message arrives
    |
    | validate_permission(operation, context)
    v
Check if operation requires permissions
    |
    | Yes -> Get required permissions
    v
Check user permissions (direct + role-based)
    |
    | Has all required permissions?
    v
Yes -> Log AccessGranted -> Allow operation
No  -> Log PermissionDenied -> Deny operation

§Default Roles

The PermissionManager initializes with three default roles:

  • user: Read-only access to files, configuration, and storage
  • developer: Read/write access to files and storage, configuration read
  • admin: Full access including system operations and configuration updates

§Default Permissions

Standard permissions include:

  • file.read, file.write
  • config.read, config.update
  • storage.read, storage.write
  • system.external

Fields§

§roles: Arc<RwLock<HashMap<String, Role>>>

Role definitions with associated permissions

§permissions: Arc<RwLock<HashMap<String, Permission>>>

Permission definitions with descriptions

§audit_log: Arc<RwLock<Vec<SecurityEvent>>>

Security audit log (limited to last 1000 events)

Implementations§

impl PermissionManager

pub fn new() -> Self

Create a new permission manager

pub async fn validate_permission(&self, operation: &str, context: &SecurityContext) -> Result<(), String>

Validate permission for an operation

This method checks if the given security context has sufficient permissions to perform the specified operation.

§Parameters

  • operation: The operation being attempted (e.g., “file:write”, “config:update”)
  • context: The security context containing user information

§Returns

  • Ok(()) if the operation is allowed
  • Err(String) with reason if denied

§Example

let permission_manager = PermissionManager::new();
let context = SecurityContext::ipc_default();
// Propagates Err(String) with the reason if the operation is denied
permission_manager.validate_permission("file:read", &context).await?;

async fn get_required_permissions(&self, operation: &str) -> Vec<String>

Get required permissions for an operation

This method defines which permissions are required for which operations. Operations not in the mapping require no special permissions by default.

§Operation Permission Mapping

Operation              Required Permissions
file:write             file.write
file:delete            file.write
configuration:update   config.update
storage:set            storage.write
native:openExternal    system.external
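
The documented flow and mapping, as an added std-only, synchronous model (not this crate's code): it shows a denied request, a granted one, and how an operation name missing from the table passes with no permission check. `Ctx`, `required`, `role_perms` and `validate` are hypothetical names, the role contents are assumed from the role descriptions above, and `file:rename` is a constructed operation name.

```rust
// Added model of the documented permission flow; not the crate's implementation.
// Ctx, required, role_perms and validate are hypothetical names.
use std::collections::{HashSet, VecDeque};

const MAX_EVENTS: usize = 1000; // documented audit-log bound

struct Ctx { roles: Vec<&'static str>, direct: Vec<&'static str> }

// Operation -> required permissions, copied from the mapping table above.
fn required(op: &str) -> Vec<&'static str> {
    match op {
        "file:write" | "file:delete" => vec!["file.write"],
        "configuration:update" => vec!["config.update"],
        "storage:set" => vec!["storage.write"],
        "native:openExternal" => vec!["system.external"],
        _ => vec![], // unmapped operation: nothing required, so it is allowed
    }
}

// Assumed role contents, derived from the prose role descriptions.
fn role_perms(role: &str) -> &'static [&'static str] {
    match role {
        "user" => &["file.read", "config.read", "storage.read"],
        "developer" => &["file.read", "file.write", "config.read", "storage.read", "storage.write"],
        "admin" => &["file.read", "file.write", "config.read", "config.update",
                     "storage.read", "storage.write", "system.external"],
        _ => &[],
    }
}

fn validate(op: &str, ctx: &Ctx, log: &mut VecDeque<String>) -> Result<(), String> {
    let held: HashSet<&str> = ctx.direct.iter().copied() // direct + role-based
        .chain(ctx.roles.iter().flat_map(|r| role_perms(r).iter().copied()))
        .collect();
    let missing: Vec<&str> = required(op).into_iter().filter(|p| !held.contains(p)).collect();
    let verdict = if missing.is_empty() { "AccessGranted" } else { "PermissionDenied" };
    if log.len() == MAX_EVENTS { log.pop_front(); } // keep only the newest events
    log.push_back(format!("{} {}", verdict, op));
    if missing.is_empty() { Ok(()) } else { Err(format!("missing {}", missing.join(", "))) }
}

fn main() {
    let mut log = VecDeque::new();
    let user = Ctx { roles: vec!["user"], direct: vec![] };
    println!("{:?}", validate("file:write", &user, &mut log));
    println!("{:?}", validate("file:rename", &user, &mut log)); // not in the table
    println!("{:?}", log);
}
```

Because unmapped names are granted, a test that asserts every registered IPC operation has a mapping entry (or an explicit "no permission needed" marker) catches gaps before they ship.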

async fn get_role_permissions(&self, role_name: &str) -> Vec<String>

Get permissions for a role

pub async fn log_security_event(&self, event: SecurityEvent)

Log security event

pub async fn get_audit_log(&self, limit: usize) -> Vec<SecurityEvent>

Get security audit log

Returns the most recent security events up to the specified limit.

pub async fn initialize_defaults(&self)

Initialize default roles and permissions

This method sets up the standard RBAC structure with three default roles and their associated permissions.

pub async fn add_role(&self, role: Role)

Add a custom role

pub async fn add_permission(&self, permission: Permission)

Add a custom permission

pub async fn clear_audit_log(&self)

Clear the audit log

pub async fn get_audit_log_stats(&self) -> (usize, Vec<(&'static str, usize)>)

Get audit log statistics
