Validate requests

[khieta]

rendered

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[khieta]

I've revised the RFC and am looking for new reviews. Summary of changes:

1. Revised the User/File/Folder example per Mike's suggestion.
2. Added an additional example to the motivation section to show why validating requests is important in conjunction with standard validation.
3. Added an "unresolved question" about changing the Request::new API vs. adding a new Request::new_with_validation API.

Please weigh in on point (3) if you haven't already.

[khieta]

Revised! Notable changes:

• Per in-person discussion yesterday, instead of modifying the Request::new constructor, we will add a new Request::new_with_validation constructor.
• Added more concrete details about implementation (copied below for reference).

The new API will have the following signature:

pub fn new_with_validation(
        principal: Option<EntityUid>,
        action: Option<EntityUid>,
        resource: Option<EntityUid>,
        context: Context,
        schema: &Schema
    ) -> Result<Request> {
        ...
    }

(This is the same as the signature for Request::new, aside from the schema argument and return type.)

If the action is None (indicating that it is "unspecified"), then the function performs no additional checks. If the action is Some, then the function checks that the specified action is present in the schema, and that the principal and resource are consistent with the action's appliesTo lists in the schema.

[khieta]

Based on discussion, we generally support the addition of the Request::new_with_validation constructor. However, I've decided that this change does not merit the bar for an RFC, so rather than moving into FCP, I will be closing the issue. The core content of the RFC will be moved to an issue in the cedar repository.

[khieta]

Moved to cedar issue #191.