mirror of
https://github.com/clockworklabs/SpacetimeDB.git
synced 2026-05-13 03:08:40 -04:00
Kim Altintop
310d8eb7ae
Permissions for evaluating SQL/DML are not generally "actions", but more a set of permissions that are checked during evaluation. To make this work with the teams feature, this patch extends `AuthCtx` to allow checking a set of permissions as mandated by the spec. This set is a bit more fine-grained than "is owner", so as to avoid baking in the concept of teams/collaborators, or assumptions about what a role might entail. Both are likely to evolve in the future, so evaluation of permissions / capabilities should be confined to the impl of the `Authorization` trait. Unlike "actions", the `AuthCtx` must be able to evaluate permission checks quickly and without side-effects, nor can it enter an `async` context. In that sense, it is precomputed (if you will), and stored as a closure in the `AuthCtx` for external authorization. A challenge posed is how to thread through the constructed `AuthCtx` for subscriptions. A tempting approach would have been to equip the `HostController` with the ability to summon an `AuthCtx`. That, however, would have created a gnarly circular dependency, because the `HostController` also controls the controldb, which itself demands an `AuthCtx`. Instead, the `AuthCtx` is obtained in the endpoint handler and passed to each method call that requires one. That's less pretty, but more effective. --------- Signed-off-by: Kim Altintop <kim@eagain.io> Co-authored-by: Phoebe Goldman <phoebe@clockworklabs.io>
⚠️ Internal Crate ⚠️
This crate is intended for internal use only. It is not stable and may change without notice.