Function create_permission

pub async fn create_permission(
    pool: &Pool<MySql>,
    name: &str,
    description: Option<String>,
    resource_type: String,
) -> Result<Permission>

Creates a new permission in the system.

This function inserts a new permission record with the provided name, description, and resource type. Permissions are a fundamental component of the role-based access control (RBAC) system, representing specific actions that can be performed on system resources.

§Arguments

  • pool - Database connection pool for executing the query
  • name - Name of the new permission (should be unique and descriptive)
  • description - Optional description explaining the permission’s purpose
  • resource_type - Type of resource this permission applies to (e.g., “app”, “user”, “deployment”)

§Returns

  • Ok(Permission) - Successfully created permission record
  • Err(anyhow::Error) - Failed to create permission record

§Permission Naming

Permission names are typically formatted as verb-noun pairs describing an action on a resource type, such as “create-app”, “read-user”, or “deploy-application”.
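
A check that a caller could run before create_permission, given as an added example that is not part of this crate: check_permission_name, NameError and MAX_NAME_LEN are hypothetical names, and the strict lowercase-ASCII rule and 64-byte limit are assumptions, since the convention above is only described as typical. Rejecting case, whitespace and look-alike variants keeps names that read the same from becoming distinct permission records.

```rust
// Added example, not code from the documented crate. The rules are assumptions
// modelled on the sample names "create-app", "read-user", "deploy-application".

/// Assumed upper bound; the page does not state the column width.
const MAX_NAME_LEN: usize = 64;

#[derive(Debug, PartialEq)]
enum NameError {
    Empty,
    TooLong,
    BadChar(char),
    EmptySegment,
    MissingNoun,
}

/// Validates a candidate permission name and returns its (verb, noun) parts.
/// The noun may itself contain hyphens, e.g. "read-audit-log".
fn check_permission_name(name: &str) -> Result<(&str, &str), NameError> {
    if name.is_empty() {
        return Err(NameError::Empty);
    }
    if name.len() > MAX_NAME_LEN {
        return Err(NameError::TooLong);
    }
    // Allow only lowercase ASCII letters, digits and '-', so that names which
    // look equal in an audit listing are byte-for-byte equal.
    let allowed = |c: &char| c.is_ascii_lowercase() || c.is_ascii_digit() || *c == '-';
    if let Some(c) = name.chars().find(|c| !allowed(c)) {
        return Err(NameError::BadChar(c));
    }
    // A leading, trailing or doubled hyphen yields an empty segment.
    if name.split('-').any(|s| s.is_empty()) {
        return Err(NameError::EmptySegment);
    }
    // The first hyphen separates the verb from the noun.
    name.split_once('-').ok_or(NameError::MissingNoun)
}

fn main() {
    // Constructed sample inputs.
    for n in ["create-app", "deploy-application", "Create-App", "read--user", "admin"] {
        println!("{:?} -> {:?}", n, check_permission_name(n));
    }
}
```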

§Transaction Handling

This function uses a database transaction to ensure atomicity of the operation. If any part of the operation fails, the entire operation is rolled back.

§Note

Creating a permission doesn’t automatically assign it to any roles. Use assign_permission_to_role to associate the permission with roles.