ambient_authority/lib.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63
//! Ambient Authority
//!
//! Capability-oriented library APIs should re-export the [`ambient_authority`]
//! function and [`AmbientAuthority`] type in their own API, and include this
//! type as an argument to any function which utilizes ambient authority.
//!
//! For example:
//!
//! ```rust
//! // Re-export the `AmbientAuthority` type.
//! pub use ambient_authority::{ambient_authority, AmbientAuthority};
//!
//! // Declare functions that use ambient authority with an `AmbientAuthority`
//! // argument.
//! pub fn do_a_thing(_: AmbientAuthority) {
//! println!("hello world");
//! }
//! ```
//!
//! To use an API that uses [`AmbientAuthority`], call [`ambient_authority`]
//! and pass the result:
//!
//! ```rust,ignore
//! use ambient_authority::ambient_authority;
//!
//! do_a_thing(ambient_authority());
//! ```
#![deny(missing_docs)]
#![deny(clippy::disallowed_method)]
#![forbid(unsafe_code)]
#![no_std]
/// Instances of this `AmbientAuthority` type serve to indicate that the
/// [`ambient_authority`] function has been called, indicating that the user
/// has explicitly opted into using ambient authority.
#[derive(Copy, Clone)]
pub struct AmbientAuthority(());
/// Return an `AmbientAuthority` value, which allows use of functions that
/// include an `AmbientAuthority` argument.
#[inline]
#[must_use]
#[allow(clippy::missing_const_for_fn)]
pub fn ambient_authority() -> AmbientAuthority {
AmbientAuthority(())
}
/// Internal implementation detail for macros.
///
/// For users concerned about resource names such as file names or network
/// addresses being influenced by untrusted code, file names in static string
/// literals and network addresses in integer literals are ok. This function
/// is similar to `ambient_authority` but is meant to be used in macros that
/// verify that the resource identifiers are known at compile time. Users of
/// the `disallowed_method` clippy lint can opt to allow or disallow this
/// function separately from the general `ambient_authority` function.
#[inline]
#[must_use]
#[doc(hidden)]
pub const fn ambient_authority_known_at_compile_time() -> AmbientAuthority {
AmbientAuthority(())
}