Development Documentation (main branch) - For stable release docs, see docs.rs/eidetica

clamp_permission

eidetica::auth::permission

Function clamp_permission 

Source 
pub fn clamp_permission(
    delegated_permission: Permission,
    bounds: &PermissionBounds,
) -> Permission
Expand description

Clamp a delegated permission to fit within the specified bounds

This function enforces permission boundaries by:

  1. Applying the maximum bound (required) - reduces permission if it exceeds max
  2. Applying the minimum bound (optional) - increases permission if it’s below min

§Arguments

  • delegated_permission - The permission level from the delegated tree
  • bounds - The permission bounds configured for this delegation

§Returns

The effective permission after applying bounds

§Examples

use eidetica::auth::permission::clamp_permission;
use eidetica::auth::types::{Permission, PermissionBounds};

let bounds = PermissionBounds {
    max: Permission::Write(10),
    min: Some(Permission::Read),
};

// Admin permission gets clamped down to Write(10)
let clamped = clamp_permission(Permission::Admin(5), &bounds);
assert_eq!(clamped, Permission::Write(10));

// Read permission stays as Read (meets minimum)
let clamped = clamp_permission(Permission::Read, &bounds);
assert_eq!(clamped, Permission::Read);