Quick Start
Prerequisites
- Rust (edition 2021, stable recommended)
- A project to integrate kirino into
Add Dependency
Add kirino to your Cargo.toml:
[dependencies]
kirino = "0.1"
tokio = { version = "1", features = ["full"] }
serde = { version = "1", features = ["derive"] }
Define Your Permissions
use serde::{Deserialize, Serialize};
use kirino::rbac::traits::Permission;
#[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
enum MyPermission {
DocumentRead,
DocumentWrite,
UserManage,
SystemAdmin,
}
impl Permission for MyPermission {
fn name(&self) -> &str {
match self {
Self::DocumentRead => "document:read",
Self::DocumentWrite => "document:write",
Self::UserManage => "user:manage",
Self::SystemAdmin => "system:admin",
}
}
fn domain(&self) -> &str {
match self {
Self::DocumentRead | Self::DocumentWrite => "document",
Self::UserManage => "user",
Self::SystemAdmin => "system",
}
}
}
Set Up the RBAC Engine
use kirino::rbac::prelude::*;
async fn build_engine() -> RbacEngine<
StringSubject,
MyPermission,
SimpleRole<MyPermission>,
InMemoryAssignmentStore<StringSubject, SimpleRole<MyPermission>, MyPermission>,
> {
// 1. Register all known permissions
let perm_registry = StaticPermissionRegistry::from_set(
[MyPermission::DocumentRead, MyPermission::DocumentWrite,
MyPermission::UserManage, MyPermission::SystemAdmin].into()
);
// 2. Define roles with their permission sets
let mut role_registry = StaticRoleRegistry::new();
role_registry.register(SimpleRole::new("admin", [MyPermission::DocumentRead,
MyPermission::DocumentWrite, MyPermission::UserManage, MyPermission::SystemAdmin].into()));
role_registry.register(SimpleRole::new("editor", [MyPermission::DocumentRead,
MyPermission::DocumentWrite].into()));
role_registry.register(SimpleRole::new("viewer", [MyPermission::DocumentRead].into()));
// 3. Create in-memory stores
let assignment_store = InMemoryAssignmentStore::new();
let role_store = InMemoryRoleStore::new();
// 4. Build the engine
RbacEngine::new(
Arc::new(role_registry),
Arc::new(perm_registry),
Arc::new(assignment_store),
)
}
Check Permissions
#[tokio::main]
async fn main() {
let engine = build_engine().await;
// Assign admin role to a user
let alice = StringSubject::new("alice");
engine.assign_role(&alice, "admin").await.unwrap();
// Check permission
assert!(engine.check(&alice, &MyPermission::DocumentWrite).await);
assert!(!engine.check(&alice, &MyPermission::SystemAdmin).await);
}
Use the Built-in AuthService
For a complete setup with authentication, use AuthService:
use kirino::service::login::{AuthService, build_default_engine};
use std::sync::Arc;
let engine = Arc::new(build_default_engine());
let service = AuthService::new(engine);
// First user gets admin role automatically
service.register("admin", "password123").await.unwrap();
let token = service.login("admin", "password123").await.unwrap();
Verify
cargo build
cargo test