thepartly/gatehouse: A flexible authorization library that combines role-based (RBAC), attribute-based (ABAC), and relationship-based (ReBAC) access control policies.

A flexible authorization library that combines role-based (RBAC), attribute-based (ABAC), and relationship-based (ReBAC) access control policies.

• Multi-paradigm Authorization: Support for RBAC, ABAC, and ReBAC patterns
• Policy Composition: Combine policies with logical operators (AND, OR, NOT)
• Detailed Evaluation Tracing: Complete decision trace for debugging and auditing
• Fluent Builder API: Construct custom policies with a PolicyBuilder.
• Type Safety: Strongly typed resources/actions/contexts
• Async Ready: Built with async/await support

The foundation of the authorization system:

#[async_trait]
trait PolicySubject, Resource, Action, Context> {
    async fn evaluate_access(
        &self,
        subject: &Subject,
        action: &Action,
        resource: &Resource,
        context: &Context,
    ) -> PolicyEvalResult;
}

Aggregates multiple policies (e.g. RBAC, ABAC) with OR logic by default: if any policy grants access, permission is granted.

let mut checker = PermissionChecker::new();
checker.add_policy(rbac_policy);
checker.add_policy(owner_policy);

// Check if access is granted
let result = checker.evaluate_access(&user, &action, &resource, &context).await;
if result.is_granted() {
    // Access allowed
} else {
    // Access denied
}

The PolicyBuilder provides a fluent API to construct custom policies by chaining predicate functions for
subjects, actions, resources, and context. Once built, the policy can be added to a [PermissionChecker].

let custom_policy = PolicyBuilder::MySubject, MyResource, MyAction, MyContext>::new("CustomPolicy")
    .subjects(|s| /* ... */)
    .actions(|a| /* ... */)
    .resources(|r| /* ... */)
    .context(|c| /* ... */)
    .when(|s, a, r, c| /* ... */)
    .build();

• RbacPolicy: Role-based access control
• AbacPolicy: Attribute-based access control
• RebacPolicy: Relationship-based access control

AndPolicy: Grants access only if all inner policies allow access
OrPolicy: Grants access if any inner policy allows access
NotPolicy: Inverts the decision of an inner policy

See the examples directory for complete demonstration of:

• Role-based access control (rbac_policy)
• Relationship-based access control (rebac_policy)
• Policy combinators (combinator_policy)

Run with:

cargo run --example rbac_policy

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!