diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/syn/src/classify.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/syn/src/classify.rs')
| -rw-r--r-- | vendor/syn/src/classify.rs | 311 |
1 files changed, 0 insertions, 311 deletions
diff --git a/vendor/syn/src/classify.rs b/vendor/syn/src/classify.rs deleted file mode 100644 index 8eab19db..00000000 --- a/vendor/syn/src/classify.rs +++ /dev/null @@ -1,311 +0,0 @@ -#[cfg(feature = "full")] -use crate::expr::Expr; -#[cfg(any(feature = "printing", feature = "full"))] -use crate::generics::TypeParamBound; -#[cfg(any(feature = "printing", feature = "full"))] -use crate::path::{Path, PathArguments}; -#[cfg(any(feature = "printing", feature = "full"))] -use crate::punctuated::Punctuated; -#[cfg(any(feature = "printing", feature = "full"))] -use crate::ty::{ReturnType, Type}; -#[cfg(feature = "full")] -use proc_macro2::{Delimiter, TokenStream, TokenTree}; -#[cfg(any(feature = "printing", feature = "full"))] -use std::ops::ControlFlow; - -#[cfg(feature = "full")] -pub(crate) fn requires_semi_to_be_stmt(expr: &Expr) -> bool { - match expr { - Expr::Macro(expr) => !expr.mac.delimiter.is_brace(), - _ => requires_comma_to_be_match_arm(expr), - } -} - -#[cfg(feature = "full")] -pub(crate) fn requires_comma_to_be_match_arm(expr: &Expr) -> bool { - match expr { - Expr::If(_) - | Expr::Match(_) - | Expr::Block(_) | Expr::Unsafe(_) // both under ExprKind::Block in rustc - | Expr::While(_) - | Expr::Loop(_) - | Expr::ForLoop(_) - | Expr::TryBlock(_) - | Expr::Const(_) => false, - - Expr::Array(_) - | Expr::Assign(_) - | Expr::Async(_) - | Expr::Await(_) - | Expr::Binary(_) - | Expr::Break(_) - | Expr::Call(_) - | Expr::Cast(_) - | Expr::Closure(_) - | Expr::Continue(_) - | Expr::Field(_) - | Expr::Group(_) - | Expr::Index(_) - | Expr::Infer(_) - | Expr::Let(_) - | Expr::Lit(_) - | Expr::Macro(_) - | Expr::MethodCall(_) - | Expr::Paren(_) - | Expr::Path(_) - | Expr::Range(_) - | Expr::RawAddr(_) - | Expr::Reference(_) - | Expr::Repeat(_) - | Expr::Return(_) - | Expr::Struct(_) - | Expr::Try(_) - | Expr::Tuple(_) - | Expr::Unary(_) - | Expr::Yield(_) - | Expr::Verbatim(_) => true, - } -} - -#[cfg(feature = "printing")] -pub(crate) fn trailing_unparameterized_path(mut ty: &Type) -> bool { - loop { - match ty { - Type::BareFn(t) => match &t.output { - ReturnType::Default => return false, - ReturnType::Type(_, ret) => ty = ret, - }, - Type::ImplTrait(t) => match last_type_in_bounds(&t.bounds) { - ControlFlow::Break(trailing_path) => return trailing_path, - ControlFlow::Continue(t) => ty = t, - }, - Type::Path(t) => match last_type_in_path(&t.path) { - ControlFlow::Break(trailing_path) => return trailing_path, - ControlFlow::Continue(t) => ty = t, - }, - Type::Ptr(t) => ty = &t.elem, - Type::Reference(t) => ty = &t.elem, - Type::TraitObject(t) => match last_type_in_bounds(&t.bounds) { - ControlFlow::Break(trailing_path) => return trailing_path, - ControlFlow::Continue(t) => ty = t, - }, - - Type::Array(_) - | Type::Group(_) - | Type::Infer(_) - | Type::Macro(_) - | Type::Never(_) - | Type::Paren(_) - | Type::Slice(_) - | Type::Tuple(_) - | Type::Verbatim(_) => return false, - } - } - - fn last_type_in_path(path: &Path) -> ControlFlow<bool, &Type> { - match &path.segments.last().unwrap().arguments { - PathArguments::None => ControlFlow::Break(true), - PathArguments::AngleBracketed(_) => ControlFlow::Break(false), - PathArguments::Parenthesized(arg) => match &arg.output { - ReturnType::Default => ControlFlow::Break(false), - ReturnType::Type(_, ret) => ControlFlow::Continue(ret), - }, - } - } - - fn last_type_in_bounds( - bounds: &Punctuated<TypeParamBound, Token![+]>, - ) -> ControlFlow<bool, &Type> { - match bounds.last().unwrap() { - TypeParamBound::Trait(t) => last_type_in_path(&t.path), - TypeParamBound::Lifetime(_) - | TypeParamBound::PreciseCapture(_) - | TypeParamBound::Verbatim(_) => ControlFlow::Break(false), - } - } -} - -/// Whether the expression's first token is the label of a loop/block. -#[cfg(all(feature = "printing", feature = "full"))] -pub(crate) fn expr_leading_label(mut expr: &Expr) -> bool { - loop { - match expr { - Expr::Block(e) => return e.label.is_some(), - Expr::ForLoop(e) => return e.label.is_some(), - Expr::Loop(e) => return e.label.is_some(), - Expr::While(e) => return e.label.is_some(), - - Expr::Assign(e) => expr = &e.left, - Expr::Await(e) => expr = &e.base, - Expr::Binary(e) => expr = &e.left, - Expr::Call(e) => expr = &e.func, - Expr::Cast(e) => expr = &e.expr, - Expr::Field(e) => expr = &e.base, - Expr::Index(e) => expr = &e.expr, - Expr::MethodCall(e) => expr = &e.receiver, - Expr::Range(e) => match &e.start { - Some(start) => expr = start, - None => return false, - }, - Expr::Try(e) => expr = &e.expr, - - Expr::Array(_) - | Expr::Async(_) - | Expr::Break(_) - | Expr::Closure(_) - | Expr::Const(_) - | Expr::Continue(_) - | Expr::Group(_) - | Expr::If(_) - | Expr::Infer(_) - | Expr::Let(_) - | Expr::Lit(_) - | Expr::Macro(_) - | Expr::Match(_) - | Expr::Paren(_) - | Expr::Path(_) - | Expr::RawAddr(_) - | Expr::Reference(_) - | Expr::Repeat(_) - | Expr::Return(_) - | Expr::Struct(_) - | Expr::TryBlock(_) - | Expr::Tuple(_) - | Expr::Unary(_) - | Expr::Unsafe(_) - | Expr::Verbatim(_) - | Expr::Yield(_) => return false, - } - } -} - -/// Whether the expression's last token is `}`. -#[cfg(feature = "full")] -pub(crate) fn expr_trailing_brace(mut expr: &Expr) -> bool { - loop { - match expr { - Expr::Async(_) - | Expr::Block(_) - | Expr::Const(_) - | Expr::ForLoop(_) - | Expr::If(_) - | Expr::Loop(_) - | Expr::Match(_) - | Expr::Struct(_) - | Expr::TryBlock(_) - | Expr::Unsafe(_) - | Expr::While(_) => return true, - - Expr::Assign(e) => expr = &e.right, - Expr::Binary(e) => expr = &e.right, - Expr::Break(e) => match &e.expr { - Some(e) => expr = e, - None => return false, - }, - Expr::Cast(e) => return type_trailing_brace(&e.ty), - Expr::Closure(e) => expr = &e.body, - Expr::Let(e) => expr = &e.expr, - Expr::Macro(e) => return e.mac.delimiter.is_brace(), - Expr::Range(e) => match &e.end { - Some(end) => expr = end, - None => return false, - }, - Expr::RawAddr(e) => expr = &e.expr, - Expr::Reference(e) => expr = &e.expr, - Expr::Return(e) => match &e.expr { - Some(e) => expr = e, - None => return false, - }, - Expr::Unary(e) => expr = &e.expr, - Expr::Verbatim(e) => return tokens_trailing_brace(e), - Expr::Yield(e) => match &e.expr { - Some(e) => expr = e, - None => return false, - }, - - Expr::Array(_) - | Expr::Await(_) - | Expr::Call(_) - | Expr::Continue(_) - | Expr::Field(_) - | Expr::Group(_) - | Expr::Index(_) - | Expr::Infer(_) - | Expr::Lit(_) - | Expr::MethodCall(_) - | Expr::Paren(_) - | Expr::Path(_) - | Expr::Repeat(_) - | Expr::Try(_) - | Expr::Tuple(_) => return false, - } - } - - fn type_trailing_brace(mut ty: &Type) -> bool { - loop { - match ty { - Type::BareFn(t) => match &t.output { - ReturnType::Default => return false, - ReturnType::Type(_, ret) => ty = ret, - }, - Type::ImplTrait(t) => match last_type_in_bounds(&t.bounds) { - ControlFlow::Break(trailing_brace) => return trailing_brace, - ControlFlow::Continue(t) => ty = t, - }, - Type::Macro(t) => return t.mac.delimiter.is_brace(), - Type::Path(t) => match last_type_in_path(&t.path) { - Some(t) => ty = t, - None => return false, - }, - Type::Ptr(t) => ty = &t.elem, - Type::Reference(t) => ty = &t.elem, - Type::TraitObject(t) => match last_type_in_bounds(&t.bounds) { - ControlFlow::Break(trailing_brace) => return trailing_brace, - ControlFlow::Continue(t) => ty = t, - }, - Type::Verbatim(t) => return tokens_trailing_brace(t), - - Type::Array(_) - | Type::Group(_) - | Type::Infer(_) - | Type::Never(_) - | Type::Paren(_) - | Type::Slice(_) - | Type::Tuple(_) => return false, - } - } - } - - fn last_type_in_path(path: &Path) -> Option<&Type> { - match &path.segments.last().unwrap().arguments { - PathArguments::None | PathArguments::AngleBracketed(_) => None, - PathArguments::Parenthesized(arg) => match &arg.output { - ReturnType::Default => None, - ReturnType::Type(_, ret) => Some(ret), - }, - } - } - - fn last_type_in_bounds( - bounds: &Punctuated<TypeParamBound, Token![+]>, - ) -> ControlFlow<bool, &Type> { - match bounds.last().unwrap() { - TypeParamBound::Trait(t) => match last_type_in_path(&t.path) { - Some(t) => ControlFlow::Continue(t), - None => ControlFlow::Break(false), - }, - TypeParamBound::Lifetime(_) | TypeParamBound::PreciseCapture(_) => { - ControlFlow::Break(false) - } - TypeParamBound::Verbatim(t) => ControlFlow::Break(tokens_trailing_brace(t)), - } - } - - fn tokens_trailing_brace(tokens: &TokenStream) -> bool { - if let Some(TokenTree::Group(last)) = tokens.clone().into_iter().last() { - last.delimiter() == Delimiter::Brace - } else { - false - } - } -} |